Data Processing Addendum

Version 1.0 — January 7, 2024

This Data Processing Addendum ("DPA") forms part of the contract between Thinksy ("Data Processor") and its customers ("Data Controllers").

1. Data Processing and Protection

  • The Processor shall only process Personal Data to the extent necessary to provide its services.

  • The Processor ensures the encryption of data at rest and restricts access through select IP addresses.

  • The Processor utilizes MFA with security key technology for all accounts accessing critical services.

2. Data Access and Confidentiality

  • Access to data is restricted to authorized engineers at Thinksy.

  • The Processor maintains logs of data access, which are overseen by the Chief Technology Officer (CTO).

  • Measures are in place to ensure the confidentiality and integrity of the data.

3. Data Retention and Deletion

  • Personal Data shall be retained as long as the customer maintains an account with Thinksy.

  • Customers may request the deletion of their data by contacting admin@thinksy.app.

4. Security Incident Management

  • In the event of unauthorized access, Thinksy will initiate a lockdown of the database and conduct a thorough investigation.

  • The Processor complies with incident notification processes as per relevant laws and regulations.

5. Data Transfer and Storage

  • Personal Data is processed and stored within the United States.

  • Thinksy complies with U.S. data protection laws and regulations.

6. Audits and Compliance

  • The Processor conducts monthly reviews of data access.

  • Documentation of access checks is securely managed internally.

7. Sub-Processors

  • Thinksy uses third-party services such as Slack, AWS Lambda, OpenAI, and PlanetScale for data processing.

  • The Processor ensures that all sub-processors are compliant with the relevant data protection standards.

8. Liability and Indemnification

  • Liability, indemnification, and terms of service are as set out in the main contract.

9. Amendments

  • This DPA may be amended or updated to remain compliant with legal and regulatory changes.

This DPA is executed as part of the main service agreement between Thinksy and the Data Controller.