Skip to main content
MavenPay
Data Processing

Data Processing Addendum

For B2B customers under GDPR Art. 28 + UK Data Protection Act

  • Last updated ·
  • Effective from ·
Read in fullReach Compliance
The Short Version

If you're a business customer (Business plan tier+) and you're processing personal data of EU/UK residents through MavenPay, this DPA defines our role as your processor. Standard Contractual Clauses are appended for international transfers.

1. Roles

You are the data controller for personal data you upload (employees, contractors, customers).

Maven Pay Inc. is the processor. The team processes that data only on your typed instructions to deliver the MavenPay service.

2. Security Measures

TLS 1.3 in transit, AES-256 at rest. Vault-encrypted secrets. Policy enforced on every action.

Annual SOC 2 Type II audit. Penetration testing every six months.

Sub-processors listed at /compliance/sub-processors (regional + functional categories).

3. Breach Notification

You are notified inside 72 hours of MavenPay identifying a personal-data breach affecting your data.

4. Standard Contractual Clauses

EU SCCs (2021/914) and UK IDTA (2022) appended for international transfers — request the signed addendum from compliance@mavenpay.com.

Behind The Rail

Built On A Regulated Canadian Rail

Money Service Business🇨🇦C1000000640FINTRAC-registered
Payment Service Provider🇨🇦Supervised By Bank Of CanadaVerify on Bank of Canada
Reach

Questions about this document? Reach compliance@mavenpay.com.

Document version effective 2026-05-01. Last updated 2026-05-01. Prior versions available on request.