1. Parties and Definitions

This Data Processing Agreement (“DPA”) forms part of the contract between:

  • Controller: the Customer
  • Processor: ASTON H-S Ltd (Company No. 15866638), trading as Saont™

“Customer Data” means any personal data processed by Saont™ on behalf of the Customer.

2. Scope and Purpose

Processing is strictly limited to the provision of Saont™ services, including SaontDocs™, domain verification, document delivery, audit trails, and platform security.

3. Processor Role

Saont™ acts solely as a processor and does not determine the purposes or means of processing Customer Data.

Saont™ does not validate legal compliance, lawful basis, or regulatory sufficiency of Customer Data.

4. Instructions

Processing is carried out only on documented instructions from the Customer. Saont™ may refuse unlawful or non-compliant instructions.

5. Confidentiality

All personnel authorised to process Customer Data are bound by confidentiality obligations.

6. Security Measures (Annex II)

  • Encryption in transit (TLS)
  • Role-based access control
  • Least privilege enforcement
  • Audit logging and traceability
  • Fail-closed integrity model
  • Domain-bound delivery enforcement
  • Cloudflare infrastructure protection
  • Clerk authentication systems
  • MongoDB secure storage (EU region)
  • Rate limiting and abuse detection

7. Subprocessors

Customer authorises subprocessors listed at legal.saont.com/subprocessors.

Saont™ ensures equivalent obligations are imposed on subprocessors.

8. Subprocessor Objections

Customer may object on reasonable grounds. If unresolved, Customer may terminate affected services.

9. International Transfers

Transfers rely on UK-approved mechanisms including IDTA or SCCs with UK Addendum.

10. Assistance

Saont™ assists with:

  • Data subject requests
  • DPIAs
  • Breach response

11. Breach Notification

Saont™ will notify the Customer without undue delay after becoming aware of a breach.

12. Deletion and Retention

Upon termination, Customer Data will be deleted or returned, except where retention is required for legal or security reasons.

13. Audit Rights

Audits must be proportionate, non-disruptive, and may be satisfied through documentation.

14. Liability

Saont™ is not liable for Customer misuse, unlawful instructions, or incorrect data inputs.

Annex I – Processing Details

  • Subject matter: Saont™ platform
  • Duration: Service term
  • Nature: Storage, access, processing
  • Purpose: Compliance infrastructure
  • Data subjects: Business users
  • Categories: Account, authentication, logs, domain data
  • Special categories: Not required