Data Processing Agreement (DPA)

Data processing agreement pursuant to Art. 28 GDPR.

Last updated: 2026-06-01

1. Subject Matter and Duration of Processing

This agreement governs the processing of personal data by Noscrape on behalf of the controller in connection with the use of the Noscrape platform, API and related services.

Processing is carried out in particular for the technical obfuscation of text and JSON content through dynamically generated font files and character replacement.

The duration of this agreement depends on the duration of the controller’s use of Noscrape services.

2. Nature and Purpose of Processing

Noscrape processes personal data solely for the technical execution of the services requested by the controller.

  • technical processing of text and JSON content
  • generation of obfuscated content
  • temporary provision of generated font files
  • technical security and rate limiting functions
  • provision of API and platform functionality

3. Categories of Personal Data

Depending on usage, the following categories of data may in particular be processed:

  • names
  • contact details
  • text input
  • JSON data
  • technical metadata
  • IP addresses
  • API-related metadata

4. Categories of Data Subjects

The following categories of persons may in particular be affected by the processing:

  • customers
  • prospective customers
  • employees
  • business partners
  • users of platforms or applications of the controller

5. Rights and Obligations of the Controller

The controller remains the controller within the meaning of data protection law.

The controller is responsible in particular for the lawfulness of processing, compliance with legal information obligations and the legality of transmitted content.

The controller shall not transmit unlawful content or content whose processing violates applicable law.

6. Obligations of Noscrape

Noscrape processes personal data solely on documented instructions from the controller unless legally required otherwise.

Noscrape undertakes to maintain confidentiality regarding all personal data processed under this agreement.

Noscrape implements appropriate technical and organizational measures pursuant to Art. 32 GDPR.

Noscrape shall inform the controller without undue delay of any known personal data breaches.

7. Technical and Organizational Measures (TOMs)

Noscrape implements appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

  • TLS/HTTPS encryption
  • API keys and access restrictions
  • rate limits and security mechanisms
  • security updates and infrastructure maintenance
  • backup and recovery concepts
  • logging of technical events
  • role-based access control

8. Subprocessors

Noscrape is entitled to use subprocessors.

Currently used subprocessors may in particular include hosting, CDN or payment service providers.

  • Hetzner Online GmbH
  • Bunny CDN
  • Mollie B.V.

9. Processing Outside the EU/EEA

Personal data is processed within the European Union or the European Economic Area wherever possible.

If processing outside the EU or EEA becomes necessary in the future, this will only take place in compliance with applicable data protection requirements.

10. Audit Rights

The controller is entitled to verify compliance with legal data protection obligations and this agreement to an appropriate extent.

Audits must be conducted with reasonable prior notice and may not impair ongoing operations or the security of Noscrape systems.

Noscrape may provide appropriate alternative evidence regarding compliance with data protection requirements.

11. Deletion and Return of Data

Personal data is generally processed only temporarily and is not stored permanently.

Generated font files may be stored temporarily depending on the selected subscription plan and are subsequently deleted automatically.

After termination of use, personal data is deleted within the scope of technical and legal possibilities.

12. On-Premise Installations

For self-hosted on-premise installations, personal data generally remains entirely within the controller’s infrastructure.

In this case, the controller is responsible for infrastructure, operation, access protection, backups and network security.

13. Liability

The liability of the parties is governed by applicable law and additionally by the agreed Noscrape terms of service.

14. Final Provisions

Amendments and supplements to this agreement must be made in text form.

Should individual provisions of this agreement become invalid, the validity of the remaining provisions shall remain unaffected.

The laws of the Federal Republic of Germany shall apply excluding the UN Convention on Contracts for the International Sale of Goods.

To the extent permitted by law, the place of jurisdiction shall be Passau, Germany.