Data Processing Addendum
Last updated: June 2026
This Data Processing Addendum (DPA) forms part of the agreement between Popus and customers who use the platform to process personal data of candidates and clients.
Roles of the parties
For personal data processed on the platform, the customer is the data controller and Popus acts as data processor, processing personal data only on the customer's documented instructions.
Scope & purpose
Popus processes personal data solely to provide the service — sourcing, matching, deliverables, CRM, and billing — for the duration of the agreement.
Security measures
Popus maintains technical and organizational measures including encryption in transit and at rest, least-privilege access, per-tenant isolation, audit logging, and encrypted backups.
Subprocessors
Popus engages vetted subprocessors under contractual data-protection obligations and maintains a current list available on request.
Data-subject rights
Popus assists the customer in responding to data-subject requests for access, correction, and deletion, consistent with applicable law (PDPA, APPI, and applicable US privacy law).
Contact
To request the signed DPA or the subprocessor list, email privacy@popus.ai.