Last updated: June 2026
This DPA is incorporated into and forms part of the NukeAPI Terms of Service. By using NukeAPI, you agree to this DPA.
Controller: The customer (you) who determines the purposes and means of processing personal data.
Processor: NukeAPI, who processes personal data on behalf of the Controller.
Personal Data: Any information relating to an identified or identifiable natural person submitted to the Service.
Processing: The deletion operations performed on personal data via the NukeAPI service.
| Item | Detail |
|---|---|
| Subject matter | Deletion of personal data from third-party services |
| Duration | For the term of the service agreement |
| Nature | Automated deletion via API calls to connected services |
| Purpose | GDPR Art. 17 / CCPA compliance — right to erasure |
| Types of data | Email addresses, user IDs submitted by Controller |
| Categories of subjects | End-users of the Controller's service |
NukeAPI agrees to:
The Controller agrees to:
NukeAPI uses the following sub-processors. By entering this DPA you authorise their use:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase Inc. | Database, authentication | United States |
| Vercel Inc. | Hosting, serverless compute | United States |
| Resend Inc. | Transactional email | United States |
Data may be transferred to and processed in countries outside your home jurisdiction. NukeAPI ensures all such transfers are protected by appropriate safeguards including Standard Contractual Clauses (SCCs), adequacy decisions, or equivalent internationally recognised transfer mechanisms.
NukeAPI retains deletion request logs and audit trails for 90 days, after which they are permanently purged. Upon termination of your account, all personal data associated with your account is deleted within 30 days.
In the event of a personal data breach, NukeAPI will notify the Controller without undue delay and no later than 72 hours after becoming aware, providing sufficient information to allow the Controller to meet any applicable notification obligations.
The Controller may request an audit of NukeAPI's data processing activities no more than once per year, with 30 days' written notice, at the Controller's expense.
For DPA requests or questions: hello@nukeapi.dev