Main Navigation
HomeWebsiteAppAI IntegrationCloud HostingOur WorksWebsite Services
Company
AboutWe're HiringContactLegal
Privacy PolicyApp Privacy PolicyTerms & ConditionsCancellation & RefundSitemapRequest a QuoteMain Navigation
HomeWebsiteAppAI IntegrationCloud HostingOur WorksWebsite Services
Company
AboutWe're HiringContactLegal
Privacy PolicyApp Privacy PolicyTerms & ConditionsCancellation & RefundSitemapRequest a QuoteThis Data Processing Agreement applies where ScriptEvolve Private Limited, as a web development company and technical service provider, processes personal data on behalf of a client in connection with software delivery, SaaS operations, maintenance, managed hosting, API implementation, support, or similar services. It is intended to support controller-to-processor or business-to-service-provider relationships for commercial clients that require documented data protection terms.
This document is a general form of processing terms and should be read together with the applicable master service agreement, proposal, statement of work, order form, or subscription contract. If a signed contract contains stricter or more specific data protection language, that contract will control to the extent of any direct inconsistency.
The client acts as the controller or business customer for personal data that it provides to ScriptEvolve or instructs ScriptEvolve to process. ScriptEvolve acts as the processor or service provider solely to the extent it processes personal data on the client's behalf for the contracted services. ScriptEvolve does not acquire ownership of client personal data by virtue of providing the services.
The subject matter of the processing is the performance, operation, support, security, maintenance, hosting, and improvement of the contracted services. The duration of processing continues for as long as ScriptEvolve provides the relevant services or retains the data in accordance with documented instructions, contractual requirements, legal obligations, or secure backup and deletion procedures.
Processing may include collection, recording, organization, structuring, storage, hosting, access, review, consultation, transmission, restricted disclosure, retrieval, troubleshooting, migration, backup, deletion, and other operations reasonably necessary to provide the services. The purpose is limited to delivering the contracted services and complying with documented client instructions or applicable law.
Depending on the services, the processed data may include business contact details, account credentials, user profile information, support communications, customer records, transactional data, application data, uploaded files, IP addresses, device identifiers, log data, and other information that the client chooses to submit or make available through the services. Data subjects may include the client's employees, contractors, end users, customers, website visitors, suppliers, or other individuals whose information is included in client-controlled systems.
ScriptEvolve will process personal data only on the client's documented instructions, unless otherwise required by applicable law. Instructions may be reflected in the contract, service configuration, written support requests, technical documentation, or other written records accepted by both parties. If ScriptEvolve believes an instruction violates applicable law, ScriptEvolve may notify the client and suspend the affected processing until the issue is resolved.
ScriptEvolve will ensure that personnel authorized to process personal data are subject to appropriate confidentiality obligations and are granted access only where reasonably necessary for service delivery, security administration, support, or legal compliance. Access is limited according to role, need, and operational scope.
ScriptEvolve maintains reasonable technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, and unauthorized access. Measures may include access controls, authentication, logging, environment controls, secure development practices, encrypted transport where appropriate, backups, vendor management, vulnerability remediation, and least-privilege access practices proportionate to the service and risk profile.
The client authorizes ScriptEvolve to use subprocessors that are reasonably required to provide the services, including infrastructure, hosting, storage, communication, monitoring, analytics, authentication, and support providers. ScriptEvolve will impose data protection obligations on subprocessors that are materially consistent with the nature of the services being performed and remains responsible for the performance of its subprocessors to the extent required by applicable law and contract.
Where personal data is transferred across borders, ScriptEvolve will use reasonable measures to support lawful transfer mechanisms and appropriate safeguards, taking into account the service architecture, applicable law, and the location of subprocessors and infrastructure providers.
Taking into account the nature of the processing, ScriptEvolve will provide reasonable assistance to help the client respond to requests from data subjects to exercise rights under applicable data protection law, provided the client remains responsible for evaluating and responding to such requests as controller unless otherwise agreed.
If ScriptEvolve becomes aware of a confirmed personal data breach affecting client personal data processed under this agreement, ScriptEvolve will aim to notify the client as soon as reasonably practicable after verification, provide available information about the nature of the incident, and take commercially reasonable steps to contain, investigate, and remediate the incident.
Upon reasonable written request and subject to confidentiality, proportionality, and security limitations, ScriptEvolve may provide information reasonably necessary to demonstrate compliance with these processing obligations. Any audit or review must avoid disruption, preserve the security of other clients and systems, and may be satisfied through existing documentation, questionnaires, certifications, or summary security materials where appropriate.
Upon termination or expiration of the relevant services, ScriptEvolve will, subject to the contract and applicable law, delete or return client personal data within a reasonable period, except where retention is required for legal compliance, dispute resolution, fraud prevention, backup cycling, or the protection of lawful business interests. Archived copies retained temporarily under normal backup procedures will remain protected and isolated until overwritten or deleted in the ordinary course.
If there is a conflict between this Data Processing Agreement and the main commercial agreement, the data protection terms will control only with respect to the subject matter of personal data processing. Any bespoke signed DPA or security addendum executed by both parties may supersede this public version for the relevant client relationship.
If you need a signed DPA, a subprocessor discussion, or clarification on data handling practices, please contact us through ourcontact page.
We build modern websites, custom apps, AI automation workflows, and cloud-ready digital platforms for growth-focused businesses. Every delivery is designed for clarity, performance, and measurable business outcomes.
About ScriptEvolve: We started in 2012 and support clients with web development, app delivery, AI integration, and AWS-hosted solutions.
We maintain strict legal clarity and confidentiality across white-label and direct engagements.
© 2012-2026 ScriptEvolve Private Limited. All rights reserved.