DATA PROCESSING ADDENDUM (DPA)
This Data Processing Addendum (“Addendum”) acts as a binding agreement between Flixbox Solutions Private Limited (“Sato” or “Processor”) and the Customer (“User” or “Controller”) to satisfy the requirements of Article 28 of the GDPR.
1. Scope & Role
This Addendum applies where the Customer is subject to the GDPR and uses Sato to host video content.
- Customer: Acts as the Data Controller.
- Sato (Flixbox): Acts as the Data Processor.
2. Processing Instructions
Sato shall process Personal Data (video files and associated metadata) only on the documented instructions of the Customer, primarily to host and stream videos via the Sato Player. Sato shall immediately inform the Customer if, in its opinion, an instruction infringes the GDPR.
3. Technical & Organizational Measures
Sato implements high-level security (as detailed in Annex 2), including:
- Encryption: Passwords, access tokens, and 2FA keys are encrypted at rest.
- Encryption in Transit: All data moving between the user and our servers (AWS/DigitalOcean) is encrypted via TLS/SSL.
- Access Control: Access to databases is restricted to authorized personnel who are subject to a strict duty of confidentiality.
4. Sub-Processing
The Customer provides a general authorization for Sato to use the sub-processors listed in the Privacy Policy (AWS, DigitalOcean, BunnyCDN, etc.). Sato ensures these providers maintain equivalent data protection standards. Sato shall inform the Customer of any intended changes concerning the addition or replacement of sub-processors at least 15 days in advance.
5. Data Subject Rights & Assistance
Sato does not track end-viewers. However, Sato shall assist the Customer by appropriate technical and organizational measures for the fulfilment of the Customer’s obligation to respond to requests for exercising Data Subject rights. In the event of a Personal Data Breach, Sato shall notify the Customer without undue delay (and in no event later than 48 hours) after becoming aware of the breach.
6. Audits & Deletion
Sato shall make available to the Customer all information necessary to demonstrate compliance with Article 28 and allow for and contribute to audits or inspections conducted by the Customer. Upon termination of the Service, Sato shall, at the choice of the Customer, delete or return all personal data, unless Indian law requires continued storage.
7. International Transfers
For users in the EEA/UK, the parties agree that the EU Standard Contractual Clauses (SCCs) - Module 2 (Controller-to-Processor) are incorporated here by reference to legalize the transfer of data to our servers in India.
ANNEX 1: DETAILS OF THE TRANSFER
- Data Subjects: Sato Platform Users (Customers) and Video Viewers (Limited to transient IP detection).
- Categories of Data: Contact details, billing info, video files, and encrypted authentication tokens.
- Nature of Processing: Video transcoding, hosting, and global delivery via CDN.
- Frequency of Transfer: Continuous for the duration of the service.
- Legal Basis: Performance of a contract and compliance with the SCCs.
ANNEX 2: TECHNICAL & ORGANIZATIONAL MEASURES (TOMs)
The Processor implements the following security measures:
- Encryption: Sensitive data (passwords, 2FA keys) is encrypted at rest using Bcrypt. All traffic uses TLS 1.2+ encryption in transit.
- Access Control: Access to S3 buckets (AWS) and DigitalOcean databases is restricted via IAM roles and SSH keys.
- Resilience: Redundant storage across AWS Mumbai and DigitalOcean with global edge caching via BunnyCDN.
- Privacy by Design: The video player is built to function without collecting end-user personal data (no viewer cookies).