Data Processing Agreement
Last updated: April 4, 2026
1. Scope
This Data Processing Agreement ("DPA") applies to the processing of personal data by CloudFran Technologies on behalf of healthcare organizations using the Meditropia platform.
2. Data Processor Role
CloudFran Technologies acts as a Data Processor. The healthcare organization ("Customer") acts as the Data Controller. We process data only in accordance with documented instructions from the Customer.
3. Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, regular testing, and incident response procedures.
4. Sub-Processors
We use sub-processors for specific functions including cloud hosting (Microsoft Azure), payment processing (Stripe), communications (Twilio, SendGrid). A current list is available upon request.
5. Data Breach Notification
In the event of a personal data breach, we will notify the Customer without undue delay and in any event within 72 hours of becoming aware of the breach.