Under Attack?

Data Processing Agreement

This Data Processing Agreement is effective as of February 24, 2026.

This Data Processing Agreement, referred to as the DPA, forms part of the agreement between TMN SA, Rue du Grand Chêne 5, 1003 Lausanne, Switzerland, referred to as Trafficmind, and the customer that has entered into a services agreement with Trafficmind, referred to as the Customer.

This DPA governs the processing of personal data by Trafficmind on behalf of the Customer in connection with the provision of Trafficmind’s services, including but not limited to DDoS mitigation, authoritative DNS, CDN services, Web Application Firewall services, and related network security solutions.

If there is a conflict between this DPA and the main services agreement, this DPA will control with respect to data protection matters.

1. Roles of the Parties

For the purposes of applicable data protection law:

  • The Customer is the data controller or processor, as applicable.
  • Trafficmind acts as a data processor when processing personal data on behalf of the Customer.

Trafficmind processes personal data only on documented instructions from the Customer, unless required to do so by applicable law.

2. Subject Matter and Duration

This DPA applies for the duration of the services agreement between the parties.

Processing will continue for the term of the agreement and, where applicable, for the limited period required to return or delete personal data in accordance with Section 9 of this DPA.

3. Nature and Purpose of Processing

Trafficmind provides network security and infrastructure services designed to protect availability, integrity, and performance of internet connected systems.

Processing activities may include:

  • Receiving, transmitting, filtering, and analyzing network traffic
  • Mitigating malicious or abusive traffic
  • Providing DNS resolution and content delivery
  • Logging and monitoring security events
  • Providing customer support

Processing is strictly limited to what is necessary to deliver the services and maintain security.

Trafficmind does not sell personal data and does not use Customer data for advertising or profiling purposes.

4. Categories of Data and Data Subjects

Depending on the Customer’s use of the services, personal data processed may include:

  • IP addresses
  • Network metadata
  • DNS query data
  • Authentication logs
  • Customer account information
  • Support communications

Data subjects may include:

  • End users of Customer websites or applications
  • Customer employees or administrators
  • API users

Trafficmind does not intentionally process special category data. If such data is transmitted through Customer traffic, it is processed only as necessary to provide the services.

5. Confidentiality

Trafficmind ensures that personnel authorized to process personal data are bound by confidentiality obligations and receive appropriate data protection training.

Access to personal data is limited to personnel who require access to perform their duties.

6. Security Measures

Trafficmind implements appropriate technical and organizational measures designed to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

These measures include:

  • Encryption in transit
  • Access controls based on least privilege
  • Multi factor authentication for administrative access
  • Network segmentation
  • Centralized logging and monitoring
  • Incident response procedures
  • Vendor risk management controls

Trafficmind regularly reviews and updates its security practices in line with industry standards.

7. Subprocessors

Trafficmind may engage subprocessors to support delivery of the services, including infrastructure providers and technical service providers.

Trafficmind ensures that subprocessors are bound by written agreements imposing data protection obligations no less protective than those set forth in this DPA.

Upon request, Trafficmind will provide information regarding its subprocessors.

8. International Transfers

Trafficmind may process personal data in Switzerland, the European Union, the United Kingdom, or other jurisdictions where its infrastructure or service providers operate.

Where personal data is transferred outside of jurisdictions recognized as providing adequate protection, Trafficmind relies on appropriate safeguards, including Standard Contractual Clauses and relevant addendums.

Trafficmind implements supplementary technical and organizational measures where required.

9. Data Subject Rights Assistance

To the extent legally permitted, Trafficmind will assist the Customer in responding to data subject requests relating to access, correction, deletion, restriction, or portability of personal data.

If Trafficmind receives a request directly from a data subject relating to Customer data, Trafficmind will promptly notify the Customer unless legally prohibited.

10. Security Incidents

Trafficmind maintains incident detection and response procedures.

In the event of a confirmed personal data breach affecting Customer data, Trafficmind will notify the Customer without undue delay and provide information reasonably necessary to assist the Customer in meeting its legal obligations.

11. Audits and Compliance

Trafficmind will make available information reasonably necessary to demonstrate compliance with this DPA.

Where required by applicable law, Trafficmind will allow audits or inspections subject to reasonable confidentiality and security safeguards.

Third party certifications, audit reports, or security assessments may be provided in lieu of on site audits where appropriate.

12. Return or Deletion of Data

Upon termination of the services agreement, Trafficmind will, at the Customer’s choice, delete or return personal data, unless retention is required by applicable law.

Residual copies retained in secure backups will be deleted in accordance with Trafficmind’s data retention policies.

13. Governing Law

This DPA is governed by the law specified in the main services agreement. Where not specified, Swiss law applies.

Contact

Questions regarding this Data Processing Agreement may be directed to:

TMN SA
Rue du Grand Chêne 5
1003 Lausanne
Switzerland

Email: support@trafficmind.com