Data Processing Agreement
Last updated: March 1, 2026
1. Scope
This Data Processing Agreement ("DPA") applies to all processing of customer personal data by Sovereign Hybrid Compute LLC in connection with the provision of our infrastructure services.
2. Roles
The customer is the Data Controller. SHC acts as a Data Processor, processing data only as necessary to provide the contracted services.
3. Processing Activities
SHC processes data exclusively for the purpose of:
- Provisioning and maintaining infrastructure services
- Account management and billing
- Security monitoring and incident response
- Technical support when initiated by the customer
4. Data Access
SHC does not access customer data stored on VPS instances or colocation servers. Server contents are encrypted at rest and are inaccessible to SHC personnel without customer authorization.
5. Sub-Processors
SHC does not use sub-processors for data processing. All infrastructure is owned and operated by SHC. Payment processing is handled by:
- BTCPay Server — Self-hosted, no third-party data sharing
- Stripe — For credit card payments only (Stripe's DPA applies)
6. Security Measures
Technical and organizational measures are detailed in our Security Overview. These include encryption at rest and in transit, access controls, monitoring, and incident response procedures.
7. Data Breach Notification
In the event of a data breach affecting customer data, SHC will notify the affected customer within 72 hours of becoming aware of the breach, including details of the breach, data affected, and remediation steps taken.
8. Data Deletion
Upon termination of services, customer data is retained for 30 days to allow retrieval. After 30 days, all data is permanently and irrecoverably deleted from our systems, including backups.
9. Audit Rights
Customers may request information about our data processing practices and security measures. On-site audits may be arranged with reasonable notice. Contact compliance@sovereignhybridcompute.com to initiate an audit request.