Data Processing Agreement
Note: This Data Processing Agreement ("DPA") is incorporated into and governed by the Terms of Service. For Enterprise customers, we offer custom DPAs. Contact legal@justkalm.com for more information.
1. Definitions
"Controller" means the entity that determines the purposes and means of processing personal data.
"Processor" means the entity that processes personal data on behalf of the Controller.
"Data Subject" means the individual whose personal data is processed.
"Personal Data" means any information relating to an identified or identifiable natural person.
"Processing" means any operation performed on personal data.
2. Roles and Responsibilities
For the purposes of this DPA, Customer is the Controller and JustKalm is the Processor. JustKalm will only process personal data on behalf of Customer and in accordance with Customer's documented instructions.
3. Scope of Processing
JustKalm processes personal data as necessary to provide the services described in the Terms of Service. Processing activities include:
- Receiving and processing API requests containing product data
- Storing API logs and usage data
- Providing analytics and reporting
- Customer support and communication
4. Data Security
JustKalm implements appropriate technical and organizational measures to protect personal data, including:
- Encryption of data in transit and at rest
- Access controls and authentication
- Regular security assessments
- Employee training on data protection
- Incident response procedures
5. Sub-processors
Customer authorizes JustKalm to engage sub-processors to assist in providing the services. Current sub-processors include:
| Sub-processor | Purpose | Location |
|---|---|---|
| Amazon Web Services | Cloud infrastructure | United States |
| Stripe | Payment processing | United States |
| Google Cloud | ML infrastructure | United States |
| Intercom | Customer support | United States |
JustKalm will notify Customer of any changes to sub-processors, and Customer may object within 30 days.
6. Data Subject Rights
JustKalm will assist Customer in responding to data subject requests, including requests for access, correction, deletion, or portability of personal data.
7. Data Breach Notification
JustKalm will notify Customer without undue delay (and in any event within 72 hours) upon becoming aware of a personal data breach affecting Customer's data.
8. International Transfers
For transfers of personal data outside the European Economic Area, JustKalm relies on Standard Contractual Clauses as approved by the European Commission.
9. Data Retention and Deletion
Upon termination of the services or Customer's request, JustKalm will delete or return personal data within 30 days, except where retention is required by law.
10. Audit Rights
JustKalm will make available information necessary to demonstrate compliance with this DPA. Enterprise customers may request annual audits with reasonable notice.
Contact
For questions about this DPA or to request a signed copy, contact us at legal@justkalm.com.