Data processing agreement

Add your customer details, then download the completed agreement as a PDF.

Uses cookies and related identifiers for analytics. The downloaded file reflects the option selected above.

Tracking script

Default script with cookies

Customer legal name

Add the customer company name above

Effective date

March 21, 2026

DataFast data processing agreement

Last updated: August 9, 2025

This Data Processing Agreement ("DPA") is between JustShipIt Pte. Ltd. (trading as DataFast) and [customer legal entity] ("Customer"). It forms part of the Terms of Service and governs how we handle personal data on your behalf.

This version of the DPA is prepared for the DataFast default script with cookies.

1. Key terms

  • Controller - that's you. You decide what data to collect and why (your visitors, your website).
  • Processor - that's us, DataFast. We process the data only to give you analytics and related services.
  • Subprocessor - vendors we use to help process data (for example hosting providers).

2. Scope of processing

  • When you add the DataFast default script to your website, we collect visitor information such as IP address, browser type, device info, user agent, country, unique identifiers, cookies, and page activity.
  • The default script uses cookies or similar identifiers to recognise returning visitors and support user-level analytics features.
  • You are responsible for ensuring your website complies with GDPR and ePrivacy rules, including showing a cookie banner where required.
  • We process data only to provide you with analytics, reporting, and related features. We never use your data for our own marketing or profiling. We never sell or share your data to third parties.

3. Data retention

  • Customer account data is kept until you delete your account.
  • Visitor data retention varies:
    • Short-term trial customers - deleted within weeks.
    • Long-term customers - retained longer to provide historical analytics.
  • You can request deletion at any time.

4. Subprocessors

We currently use the following trusted vendors to process data: AWS, Vercel, Mapbox, OpenAI, MongoDB, Upstash, TinyBird, ClickHouse.

We may add or replace subprocessors, and will update this page when we do.

5. International data transfers

Most of our infrastructure is located outside the EU, including in the United States. This means personal data of EU and EEA residents will be transferred internationally. We rely on our subprocessors' compliance with applicable laws, including GDPR Standard Contractual Clauses where relevant, to safeguard these transfers.

6. Security measures

We implement the following security measures:

  • Encryption in transit via HTTPS.
  • Access controls so only authorised DataFast users can access their own data.
  • Backups to prevent accidental loss of important data.
  • Secure hosting with reputable vendors.

7. Roles and responsibilities

Your responsibilities

  • Ensure you have a lawful basis to collect and process personal data.
  • Implement a cookie banner or privacy notice if required by law.
  • Manage deletion requests from your users.

Our responsibilities

  • Process data only on your instructions.
  • Keep data secure and confidential.
  • Assist you in meeting your data protection obligations, within reason.

8. Data access and exports

DataFast provides access to all personal data processed on behalf of customers via its API. Exports reflect the data as processed and stored by the platform. DataFast does not provide consolidated archive exports or raw event logs.

9. Governing law

This DPA is governed by the laws of Singapore. Any disputes will be resolved exclusively in the courts of Singapore.

By using DataFast, you agree to this DPA.