Data Processing Agreement — Tarosyn

This Data Processing Agreement (DPA) applies to Tarosyn's processing of personal data on behalf of enterprise customers and covers GDPR-compliant data transfer requirements.

Controller & Processor Roles

Tarosyn LLC acts as the data controller for end-user personal data. For enterprise integrations, Tarosyn may act as a data processor subject to a signed DPA addendum.

Sub-processors

Tarosyn uses the following categories of sub-processors: cloud infrastructure (hosting), email delivery, payment processing, AI model API providers, and crash analytics. A full sub-processor list is available on request via [email protected].

Security Measures

Tarosyn applies the technical and organisational measures described in our Information Security Policy, including TLS encryption, access controls, and audit logging.

Standard Contractual Clauses

For transfers of personal data from the EEA, UK, or Switzerland, Tarosyn relies on the EU Standard Contractual Clauses (Module 2: Controller to Processor) approved by the European Commission.

Breach Notification

In the event of a personal data breach, Tarosyn will notify the relevant controller without undue delay and within 72 hours where feasible, in line with GDPR Article 33.

For a signed DPA addendum, contact [email protected].

Privacy Policy · Data Retention Policy · Trust Center