Legal
Data Processing Addendum
This DPA describes data processing responsibilities for customer data handled through OrbitERP.
Last updated: July 8, 2026
Roles
For customer workspace data, the customer is generally the controller or business owner of the data, and Nebulix acts as a processor or service provider to operate OrbitERP.
For Nebulix account, billing, security, and product-improvement data, Nebulix may act as an independent controller where applicable.
Processing instructions
Nebulix processes workspace data to provide the service, support users, secure the platform, maintain auditability, troubleshoot issues, comply with law, and follow documented customer instructions.
Confidentiality and security
Personnel and subprocessors with access to customer data are expected to protect confidentiality and use appropriate technical and organizational safeguards.
Subprocessors and transfers
Nebulix may use hosting, database, storage, payment, email, analytics, or support subprocessors. Cross-border processing may occur where these providers operate.
Customer controls
Customers should manage user roles, remove inactive users, review exports, protect documents, and maintain appropriate accounting, payroll, and legal retention practices.
Contact
DPA questions can be sent to [email protected].
This page is provided for product transparency and general information. It should be reviewed by qualified counsel before being treated as final legal advice.