Skip to content

Trusted across the UK, USA, EU & India - 24/7 incident response.

Data processing addendum

Last updated 19 June 2026

This Data Processing Addendum (DPA) describes how IntelligenceX processes personal data on behalf of its clients when acting as a processor under the GDPR, the UK GDPR, India's DPDP Act, and other applicable data protection laws. It supplements the engagement agreement between IntelligenceX and the client.

For most security and compliance engagements, the client is the controller of any personal data involved and IntelligenceX is the processor. To request a signed DPA, contact contact@intelligencex.org.

1. Roles and Scope

The client determines the purposes and means of processing and acts as the controller. IntelligenceX processes personal data only on the documented instructions of the client, for the purpose of delivering the agreed services, and for no other purpose.

2. Our Obligations as Processor

  • Process personal data only on the client's documented instructions.
  • Ensure personnel authorised to process data are bound by confidentiality.
  • Implement appropriate technical and organisational security measures.
  • Assist the client with data subject requests and with security, breach, and impact-assessment obligations.
  • Delete or return personal data at the end of the engagement, unless retention is required by law.

3. Sub-processors

We use a limited set of vetted sub-processors to deliver our services. Each sub-processor is bound by contractual terms no less protective than this DPA. We maintain a current list of sub-processors and will give clients notice of changes so they can object where they have the right to do so. The categories of sub-processors we use include:

  • Cloud infrastructure and hosting providers.
  • Email and communication delivery services.
  • Analytics and product telemetry providers.
  • Secure file sharing and collaboration platforms used to deliver engagement reports.

4. International Transfers

Where personal data is transferred across borders, we rely on appropriate safeguards such as Standard Contractual Clauses, the UK International Data Transfer Agreement, or equivalent mechanisms recognised under applicable law.

5. Security and Breach Notification

We maintain encryption in transit, access controls, logging, and regular testing to protect personal data. If we become aware of a personal data breach affecting client data, we will notify the client without undue delay and support their notification obligations.

6. Audits

On reasonable notice, and subject to confidentiality, we will make available the information necessary to demonstrate compliance with this DPA and support audits as required by applicable law and the engagement agreement.

7. Contact

To request our DPA, our current sub-processor list, or further information, contact contact@intelligencex.org.

Talk to a security expert today

A penetration test, an audit, or 24/7 monitoring, our team is ready across the UK, USA, EU and India.

Get a free consultationAlready hacked? Contact us