Roles
You are the data controller for your subscribers' personal data; palumb is your processor and acts only on your documented instructions.
Legal
When you send notifications through palumb, we process your subscribers' personal data on your behalf. Our Data Processing Agreement (DPA) sets out that relationship under Article 28 of the GDPR — your instructions, our obligations, and the EU data residency that keeps palumb sovereign.
Last updated: 12 June 2026
Draft — pending legal review
Our standard DPA is being finalised. Request it by email and we will share the current version; this page summarises what it covers.
You are the data controller for your subscribers' personal data; palumb is your processor and acts only on your documented instructions.
The EU-based sub-processors palumb uses are listed publicly, with advance notice of material changes so you can object.
Encryption in transit and at rest, encrypted channel credentials, least-privilege access, and breach-notification commitments.
We assist you in responding to access, erasure and other GDPR requests relating to data we process on your behalf.
Your notification data is hosted in the EU by EU providers — no transfers outside the EU/EEA in the ordinary course of the service.
On termination you can export your data, after which it is deleted or returned in line with the agreement and our Privacy Policy.
To receive palumb's Data Processing Agreement, or for any data-protection question, email privacy@palumb.com. We will send you the current version to review and sign.