Logo AnalyticsCLI.com
Start Free

Data Processing Addendum / AVV

Last updated: May 8, 2026

AnalyticsCLI provides a data processing addendum ("DPA" / "AVV") for customers who use the service to process personal data on behalf of their own users. This page summarizes the operational terms we use for the first production version.

1. Roles

For customer analytics events submitted through the SDK, API, CLI, dashboard, or export tooling, the customer normally acts as controller and AnalyticsCLI acts as processor. AnalyticsCLI acts as controller for its own account administration, billing, website, security, and legal compliance data.

2. Processing scope

  • product analytics events and related event properties submitted by the customer;
  • pseudonymous identifiers, session identifiers, device/runtime metadata, and coarse geo metadata;
  • query results, dashboard views, exports, feedback records, and operational logs needed to provide the service.

Customers must not submit secrets, payment card data, passwords, health data, biometric data, or other special-category data unless we expressly agree in writing.

3. Security measures

  • tenant isolation and project-scoped authorization for dashboard/API/CLI reads;
  • publishable ingest keys separated from read-only CLI tokens;
  • server-side schema validation and parameterized analytics queries;
  • release/debug data separation for analytics views where applicable;
  • retention controls for raw events, aggregates, exports, post-cancellation data, and backup expiry;
  • core analytics hosting in Germany, with subprocessors listed on the vendor page.

4. Subprocessors and transfers

Current subprocessors and supporting vendors are listed on the Vendors and Subprocessors page. If we add or replace a subprocessor that processes customer personal data, we will update the public list and provide notice where required. International transfers use adequacy decisions or appropriate safeguards such as the European Commission Standard Contractual Clauses where applicable.

5. Data subject requests and deletion

Customers remain the first contact for end-user data subject requests involving their own analytics data. We support customer instructions for access, export, correction, restriction, and deletion to the extent available in the service and documented operating process. Backup copies expire according to the configured backup retention period.

6. How to request the DPA

Email contact@wotaso.com with your company name, billing email, tenant/project identifier, and requested contracting entity. We will provide the current DPA/AVV package and subprocessor information for signature or written confirmation.