Annex to the Wisepops Data Processing Agreement Last updated: 2026-02-26

This document describes the technical and organizational measures implemented by Wisepops to ensure the security of personal data processed on behalf of its clients, in accordance with Article 32 of the General Data Protection Regulation (GDPR).

1. Infrastructure and Hosting

Wisepops' application is hosted entirely on cloud infrastructure provided by Amazon Web Services (AWS) and Google Cloud Platform (GCP), located in the United States. Both providers maintain industry-leading security certifications, including ISO 27001 and SOC 2 compliance.

Cloudflare is used as a content delivery network (CDN) and provides additional security layers including Web Application Firewall (WAF) and IP reputation filtering.

All three sub-processors are listed as participants in the EU-U.S. Data Privacy Framework.

2. Encryption

• Data in transit: All communications are encrypted using HTTPS/TLS. HTTPS is enforced across the entire platform.
• Data at rest: Critical data and backups are encrypted at rest using industry-standard encryption methods provided by AWS and GCP.
• Backup encryption: All backups are encrypted both in transit and at rest, with access restricted to authorized personnel only.

3. Access Control

Wisepops implements strict access control measures based on the principle of least privilege:

• Access to production systems is limited to a small number of lead developers.
• Server access is exclusively via Secure Shell (SSH) with private key authentication or gcloud utility. FTP is not used.
• Databases do not accept external connections, and no web-based database administration tools (e.g., phpMyAdmin) are in use.
• Role-Based Access Control (RBAC) is used for all resource access.
• Separate accounts are required for administrative and non-administrative access.
• Each user has a unique identifier; shared accounts are prohibited.