ByHubo ProcureKit — DPA and trust page for micro-SaaS

Policies and agreements

Procurement artifacts for Buyers evaluating ByHubo.

How is data encrypted?: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption provided by our cloud infrastructure providers.
What is your data retention policy?: We retain personal data only as long as necessary to provide our services and comply with legal obligations. Specific retention periods are documented in our privacy policy.
How do you handle data breaches?: We maintain an incident response plan. In the event of a personal data breach, we will notify affected customers and relevant supervisory authorities within 72 hours as required by GDPR.
Do you offer a DPA?: Yes. We provide a Data Processing Agreement based on Common Paper standard terms, available for download on this Trust Page.
Where is data stored?: Primary data is stored in EU and US regions depending on the subprocessor. See our subprocessor list below for specific data locations.

Third-party vendors that process personal data on our behalf.

Name	Purpose	Location	DPA
Clerk	Authentication and user management	United States	View DPA
Stripe	Payment processing	United States / EU	View DPA
Vercel	Application hosting and CDN	United States / EU	View DPA
PostHog	Product analytics	United States / EU	View DPA
Resend	Transactional email	United States