Data Processing Addendum

Processor terms for customers using Whois JSON API with personal data.

Last updated: April 17, 2026

This Data Processing Addendum (the "DPA") forms part of the Terms of Service or other written agreement between Whois JSON API and Customer when Whois JSON API processes Personal Data on Customer's behalf.

1. Roles

For Personal Data processed on Customer's behalf, Customer is the Controller and Whois JSON API is the Processor. If Customer acts as a processor for another controller, Customer is responsible for ensuring that its instructions to Whois JSON API are authorized by that controller.

2. Customer Instructions

Whois JSON API will process Personal Data only to provide, secure, support, maintain, and improve the Services; comply with Customer's documented lawful instructions; comply with law; prevent abuse; and perform obligations under the agreement.

3. Details of Processing

  • Subject matter: Hosted WHOIS, DNS, domain, status, and related API services.
  • Duration: The subscription term plus the retention period needed for deletion, backup expiry, compliance, security, and dispute purposes.
  • Nature and purpose: API request handling, account operation, support, security, billing, abuse prevention, logging, and service maintenance.
  • Categories of Personal Data: Account contact data, billing contact data, support communications, API request metadata, IP addresses, authentication data, usage data, logs, and data included in API requests or responses.
  • Categories of Data Subjects: Customer personnel, Customer users, end users, support contacts, account administrators, and individuals whose data appears in lawful API requests or public domain records.

4. Confidentiality

Whois JSON API will ensure that personnel authorized to process Personal Data are bound by confidentiality obligations or are under an appropriate statutory obligation of confidentiality.

5. Security Measures

Whois JSON API will maintain commercially reasonable technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Measures may include HTTPS encryption in transit, access controls, credential protection, least-privilege access, logging, monitoring, backups where appropriate, and administrative safeguards.

6. Subprocessors

Customer authorizes Whois JSON API to use subprocessors to provide the Services. Subprocessor categories may include hosting and infrastructure providers, CDN and DDoS protection providers, payment processors, email delivery providers, support tools, analytics providers, and logging or monitoring providers.

Subprocessors may include Cloudflare, DigitalOcean, Amazon Web Services, Stripe, and similar vendors where used to operate the Services. Whois JSON API will require subprocessors to protect Personal Data under obligations substantially similar to this DPA.

7. International Transfers

Where Personal Data is transferred from the European Economic Area, United Kingdom, Switzerland, or another jurisdiction with transfer restrictions to a country without an adequacy decision, Whois JSON API will use appropriate safeguards such as Standard Contractual Clauses, the UK International Data Transfer Addendum, or another lawful transfer mechanism.

8. Data Subject Requests

Whois JSON API will reasonably assist Customer in responding to data subject requests to the extent Customer cannot fulfill the request independently through the Services. Customer is responsible for verifying and responding to requests from data subjects where Customer is the Controller.

9. Security Incidents

Whois JSON API will notify Customer without undue delay after becoming aware of a confirmed Personal Data breach affecting Personal Data processed on Customer's behalf, as required by applicable law. Whois JSON API will provide available information reasonably needed by Customer to meet breach notification obligations.

10. Deletion and Return

Upon termination of the Services, Whois JSON API will delete or return Personal Data processed on Customer's behalf upon Customer's request, unless retention is required by law, security, backup, dispute, fraud prevention, or legitimate business record needs.

11. Assistance and Audits

Whois JSON API will provide reasonable information necessary to demonstrate compliance with this DPA. Any audit must be reasonable in scope, scheduled in advance, avoid disruption to the Services, protect confidential information, and not compromise the security of other customers.

12. Customer Responsibilities

Customer is responsible for having a lawful basis for processing Personal Data, providing required notices, obtaining required consents, honoring data subject rights, configuring the Services lawfully, and ensuring that Customer's use of API results complies with applicable privacy and data protection laws.

13. Contact

Questions about this DPA can be sent to [email protected].