Data Processing Agreement (DPA)
Data Processing Agreement within the meaning of Article 28 of the GDPR (General Data Protection Regulation).
This agreement supplements Lampion's Terms of Service and applies to any processing of personal data carried out by Lampion on behalf of the Customer as part of the managed PostgreSQL service.
Last updated: April 1, 2026
1. Parties
Identification of the parties to this agreement.
Processor
Lampion
Managed PostgreSQL database service
Hosted in France, Scaleway infrastructure
Controller
The Customer
Any individual or legal entity using the Lampion service and determining the purposes and means of processing the data stored in its PostgreSQL databases
Lampion acts as a processor within the meaning of Article 4(8) of the GDPR. The Customer remains the controller for all data it stores in its PostgreSQL instances. Lampion does not determine the purposes or means of processing the Customer's data.
2. Purpose and duration
Scope and duration of this agreement.
This DPA defines the conditions under which Lampion, as processor, undertakes to process personal data on behalf of the Customer as part of the provision of the managed PostgreSQL database service.
Processing is strictly limited to what is necessary for:
- Hosting and storing the Customer's PostgreSQL databases
- Backing up and restoring data
- Supervising and monitoring instances
- Technical support
This agreement takes effect on the date the Customer registers for the Lampion service and remains in force for the entire duration of the service's use. It automatically ends when the Customer's account is closed, subject to the deletion obligations set out in section 8.
3. Nature of processing
Description of the processing operations carried out by Lampion.
As part of the managed PostgreSQL service, Lampion carries out the following processing operations:
Storage
Hosting of PostgreSQL data on secure infrastructure (Neon compute + Scaleway S3 object storage)
Backup
Continuous backups via WAL (Write-Ahead Log) and periodic snapshots on S3 object storage
Monitoring
Collection of system metrics (CPU, memory, connections, storage) for supervision and alerting
Maintenance
Technical operations: PostgreSQL updates, compute scaling, restoration in the event of an incident
Lampion does not access the content of the data stored in the Customer's databases, except in the event of an explicit technical support request requiring diagnostics.
4. Data categories
Types of personal data processed.
The categories of data processed depend exclusively on what the Customer chooses to store in its PostgreSQL databases. Lampion imposes no restriction on data types, but distinguishes two levels:
Customer data (database content)
Any data the Customer inserts into its PostgreSQL instances: identification data, contact data, financial data, health data, or any other category depending on the Customer's activity. The Customer is solely responsible for the lawfulness of storing this data and for its classification.
Lampion account data
Email address, organization name, connection logs, IP addresses, API tokens (API keys). This data is processed by Lampion as controller for the management of the service.
Data subjects
The data subjects concerned by the processing are determined by the Customer. They may be the Customer's own users, customers, employees, partners, or any other category of individuals whose data is stored in the PostgreSQL databases.
5. Sub-processors
List of authorized sub-processors within the meaning of Article 28(2) of the GDPR.
The Customer authorizes Lampion to use the following sub-processors. Any change to this list will be notified to the Customer with 30 days notice, in accordance with Article 28(2) of the GDPR.
| Sub-processor | Purpose | Location | Data processed |
|---|---|---|---|
| Scaleway | Cloud hosting (Kubernetes, compute, S3 object storage) | France (Paris, DC2/DC5) | All PostgreSQL database data, backups, logs |
| Grafana Cloud | Observability (metrics, system logs, alerting) | EU (Germany) | System metrics, infrastructure logs (no Customer data) |
| Resend | Sending transactional emails (invitations, alerts) | EU / USA | Email addresses of Lampion account users |
If the Customer objects to a new sub-processor, the Customer may terminate the service without penalty within 30 days of the notification.
6. Data location
Physical location of all data.
Region
France — Paris
Provider
Scaleway (Iliad Group)
Datacenters
DC2 & DC5, Paris, France
Certifications
ISO 27001, HDS (French health data hosting certification), SOC 2
All PostgreSQL database data (active data, WAL backups, S3 snapshots) is stored exclusively in France, in Scaleway's Paris-region datacenters.
No Customer database data is transferred outside the EU (European Union). Only infrastructure metrics (containing no personal data) are sent to Grafana Cloud in Germany.
For a detailed per-project location report, see the endpoint /v1/projects/{id}/residency.
7. Security measures
Technical and organizational measures within the meaning of Article 32 of the GDPR.
Lampion implements the following technical and organizational measures to ensure data security:
Encryption in transit
All PostgreSQL and API connections are encrypted via TLS (Transport Layer Security) 1.2 minimum. The sslmode=require parameter is enforced by default.
Encryption at rest
Storage volumes and S3 buckets are encrypted at rest using AES-256 (Advanced Encryption Standard). WAL backups are also encrypted.
RBAC (Role-Based Access Control)
Role-based access control at the Lampion organization level (owner, admin, developer) and at the PostgreSQL level (native roles).
Audit log
All administrative actions (creation, deletion, modification of projects and computes) are tracked in an immutable audit log.
IP Allowlists
Ability to restrict access to each PostgreSQL compute to a list of authorized IP addresses (CIDR). Any connection outside the list is rejected.
Compute isolation
Each PostgreSQL instance runs in an isolated container within the Kubernetes cluster. One Customer's data is never accessible to another Customer.
8. Retention and deletion
Retention policy and data deletion procedures.
While the service is in use
Data is retained for as long as the project exists and the Customer's account is active. WAL backups and snapshots are retained according to the retention policy configured for each project.
Project deletion
When a project is deleted (via the console or the API), all data is permanently purged: active database, WAL backups, S3 snapshots, logs, metrics. This operation is irreversible and carried out within 72 hours.
Account or organization closure
Deleting an account or an organization results in the deletion of all associated projects and all corresponding data, following the same procedure as above.
Certificate of deletion
Upon request, Lampion provides a certificate attesting to the effective deletion of data, including purge dates and the systems concerned.
9. Data subject rights
Processor assistance in responding to data subject rights requests.
In accordance with Article 28(3)(e) of the GDPR, Lampion assists the Customer in fulfilling its obligation to respond to data subject rights requests:
- Right of access — The Customer can query its PostgreSQL databases to extract a data subject's data
- Right to rectification — The Customer can directly modify data in its databases
- Right to erasure — The Customer can delete data via SQL. Lampion ensures backups are not retained beyond the retention period
- Right to portability — The Customer can export its data via
pg_dump(available through the API) - Right to restriction — Lampion can suspend a compute at the Customer's request to restrict processing
If Lampion directly receives a rights request from a data subject, it will inform the Customer as soon as possible without responding directly, unless legally required to do so.
10. Data breach notification
Procedure in the event of a personal data breach within the meaning of Article 33 of the GDPR.
Notification commitment: 72 hours
Lampion undertakes to notify the Customer of any personal data breach within a maximum of 72 hours of becoming aware of it, in accordance with Article 33(2) of the GDPR.
The notification will include at least:
- The nature of the breach (type, attack vector where applicable)
- The categories and approximate number of individuals and records concerned
- The likely consequences of the breach
- The measures taken or proposed to remedy the breach and mitigate its effects
- The point of contact at Lampion for further information
Lampion will fully cooperate with the Customer to enable it to meet its own notification obligations to the supervisory authority (CNIL) and to data subjects.
11. Right to audit
Controller's right to audit the processor's compliance.
In accordance with Article 28(3)(h) of the GDPR, Lampion provides the Customer with all information necessary to demonstrate compliance with its obligations and contributes to audits.
Documentary audit
The Customer may at any time request documentation relating to security measures, certifications, and internal policies.
On-site / remote audit
The Customer or a mandated third-party auditor may carry out a compliance audit, subject to 30 days notice and a confidentiality agreement.
Audits are limited to one per calendar year, except in the event of a data breach or a request from a supervisory authority. Lampion undertakes to cooperate in good faith and to provide reasonable access to relevant information and systems.
Audit costs are borne by the Customer, unless the audit reveals a failure by Lampion to meet its obligations under this DPA.
Contact
For any question relating to this DPA or to exercise your rights, contact us at [email protected].