NukeAPI

Data Processing Agreement

Last updated: June 2026

This DPA is incorporated into and forms part of the NukeAPI Terms of Service. By using NukeAPI, you agree to this DPA.

1. Definitions

Controller: The customer (you) who determines the purposes and means of processing personal data.

Processor: NukeAPI, who processes personal data on behalf of the Controller.

Personal Data: Any information relating to an identified or identifiable natural person submitted to the Service.

Processing: The deletion operations performed on personal data via the NukeAPI service.

2. Scope of Processing

ItemDetail
Subject matterDeletion of personal data from third-party services
DurationFor the term of the service agreement
NatureAutomated deletion via API calls to connected services
PurposeGDPR Art. 17 / CCPA compliance — right to erasure
Types of dataEmail addresses, user IDs submitted by Controller
Categories of subjectsEnd-users of the Controller's service

3. Processor Obligations

NukeAPI agrees to:

4. Controller Obligations

The Controller agrees to:

5. Security Measures

6. Sub-Processors

NukeAPI uses the following sub-processors. By entering this DPA you authorise their use:

Sub-processorPurposeLocation
Supabase Inc.Database, authenticationUnited States
Vercel Inc.Hosting, serverless computeUnited States
Resend Inc.Transactional emailUnited States

7. International Transfers

Data may be transferred to and processed in countries outside your home jurisdiction. NukeAPI ensures all such transfers are protected by appropriate safeguards including Standard Contractual Clauses (SCCs), adequacy decisions, or equivalent internationally recognised transfer mechanisms.

8. Data Retention and Deletion

NukeAPI retains deletion request logs and audit trails for 90 days, after which they are permanently purged. Upon termination of your account, all personal data associated with your account is deleted within 30 days.

9. Breach Notification

In the event of a personal data breach, NukeAPI will notify the Controller without undue delay and no later than 72 hours after becoming aware, providing sufficient information to allow the Controller to meet any applicable notification obligations.

10. Audit Rights

The Controller may request an audit of NukeAPI's data processing activities no more than once per year, with 30 days' written notice, at the Controller's expense.

11. Contact

For DPA requests or questions: hello@nukeapi.dev

← Back to NukeAPI · Terms of Service · Privacy Policy