Data Processing Addendum
Version 1.0 — January 7, 2024
This Data Processing Addendum ("DPA") forms part of the contract between Thinksy ("Data Processor") and its customers ("Data Controllers").
1. Data Processing and Protection
The Processor shall only process Personal Data to the extent necessary to provide its services.
The Processor ensures the encryption of data at rest and restricts access through select IP addresses.
The Processor utilizes MFA with security key technology for all accounts accessing critical services.
2. Data Access and Confidentiality
Access to data is restricted to authorized engineers at Thinksy.
The Processor maintains logs of data access, which are overseen by the Chief Technology Officer (CTO).
Measures are in place to ensure the confidentiality and integrity of the data.
3. Data Retention and Deletion
Personal Data shall be retained as long as the customer maintains an account with Thinksy.
Customers may request the deletion of their data by contacting admin@thinksy.app.
4. Security Incident Management
In the event of unauthorized access, Thinksy will initiate a lockdown of the database and conduct a thorough investigation.
The Processor complies with incident notification processes as per relevant laws and regulations.
5. Data Transfer and Storage
Personal Data is processed and stored within the United States.
Thinksy complies with U.S. data protection laws and regulations.
6. Audits and Compliance
The Processor conducts monthly reviews of data access.
Documentation of access checks is securely managed internally.
7. Sub-Processors
Thinksy uses third-party services such as Slack, AWS Lambda, OpenAI, and PlanetScale for data processing.
The Processor ensures that all sub-processors are compliant with the relevant data protection standards.
8. Liability and Indemnification
Details on liability, indemnification, and terms of service as per the main contract.
9. Amendments
This DPA may be amended or updated to remain compliant with legal and regulatory changes.
This DPA is executed as part of the main service agreement between Thinksy and the Data Controller.