CargoYatra

Legal

Data Processing Agreement

How we process personal data on your behalf as your processor.

Last updated: 29 June 2026

1. Scope & roles

This Data Processing Agreement (“DPA”) applies where CargoYatra processes personal data on your behalf in providing the Service. For such data you are the data controller (or business) and we are the data processor (or service provider). It supplements our Terms of Service.

2. Processing instructions

We process personal data only on your documented instructions, including as set out in the Terms and this DPA, and as required to provide the Service, unless law requires otherwise.

3. Confidentiality

We ensure that personnel authorised to process personal data are bound by appropriate confidentiality obligations.

4. Security measures

We implement appropriate technical and organisational measures, including encryption in transit, encryption of sensitive credentials at rest, access controls, tenant isolation, logging and monitoring, designed to protect personal data against unauthorised or unlawful processing and accidental loss.

5. Sub-processors

You authorise us to engage sub-processors (for example cloud hosting and infrastructure providers) to support the Service. We impose data-protection obligations on sub-processors and remain responsible for their performance. We will inform you of material changes to our sub-processor list on request.

6. Assistance

Taking into account the nature of processing, we will provide reasonable assistance to help you respond to data-subject requests and to meet your security, breach-notification, and impact-assessment obligations.

7. Personal-data breaches

We will notify you without undue delay after becoming aware of a personal-data breach affecting your data and provide information reasonably available to help you meet your notification duties.

8. Deletion & return

On termination, and at your choice, we will delete or return Customer Data containing personal data, except where retention is required by law, within the timeframe described in our Privacy Policy.

9. Audits

We will make available information reasonably necessary to demonstrate compliance with this DPA and allow for audits on reasonable prior notice, subject to confidentiality and security constraints.

10. International transfers

Where personal data is transferred across borders, we apply safeguards consistent with applicable data-protection law.

11. Contact

To request a signed copy of this DPA, contact hello@lacspace.com.

Questions?

If anything here is unclear, reach our team at hello@lacspace.com.

Other policies

Terms of ServicePrivacy PolicyCookie PolicyAcceptable Use PolicyRefund & Cancellation PolicyService Level AgreementSecurityDisclaimer