Data Processing Agreement (DPA)

Last updated: December 10, 2024

This Data Processing Agreement (“Agreement”) forms part of the Product Kit OS Terms of Service and applies when Product Kit OS (“we,” “our,” or “us”) processes personal data either (1) as a Data Controller, or (2) on behalf of users who utilize features where Product Kit OS acts as a Data Processor.

By using the Service, you agree to the terms of this DPA.


1. Definitions

“Controller” means the party that determines the purposes and means of processing personal data.
“Processor” means the party that processes personal data on behalf of the Controller.
“Personal Data” means any information relating to an identifiable natural person.
“Service” means Product Kit OS, including its digital products, SaaS platform, and related offerings.
“Sub-processor” means any third party engaged by Product Kit OS to assist in processing personal data.


2. Roles of the Parties

2.1 When Product Kit OS is the Controller

We act as the Controller for:

  • User accounts
  • Purchase information
  • Analytics data
  • Support communications
  • Marketing communications (with consent)

In these cases, we determine the purpose and means of processing.

2.2 When Product Kit OS is the Processor

We act as the Processor when users store, upload, or manage personal data within features of the Service (present or future).
You act as the Controller of such data.

Examples include (future SaaS features):

  • Customer profiles
  • Notes, templates, or uploads containing personal data
  • CRM or marketing content stored inside Product Kit OS

3. Obligations of Product Kit OS as Processor

When acting as a Processor, we will:

3.1 Process only on documented instructions

We only process personal data according to your instructions or as required by law.

3.2 Maintain confidentiality

Employees and contractors are bound by confidentiality obligations.

3.3 Implement security measures

We use reasonable and appropriate security measures including:

  • Encryption in transit
  • Secure password hashing
  • Access controls
  • Regular audits and monitoring

3.4 Use of Sub-processors

We use trusted Sub-processors such as:

  • Payment processors (Stripe or similar)
  • Email providers (Postmark, etc.)
  • Cloud hosting (e.g., AWS, Vercel, DigitalOcean)
  • Analytics platforms

We remain responsible for the actions of Sub-processors.

3.5 Assist the Controller

Upon request, we will assist with:

  • Responding to data subject requests
  • Breach notifications
  • GDPR or CCPA compliance efforts

3.6 Data breach notifications

We will notify you without undue delay if we become aware of unauthorized access to personal data.

3.7 Return or deletion of data

Upon termination of your account, we will delete or anonymize personal data unless legally required to retain it.


4. Obligations of the User (Controller)

When you are the Controller, you agree to:

  • Ensure you have a lawful basis for processing personal data
  • Provide necessary notices to data subjects
  • Not use the Service to store or process sensitive personal data (financial, medical, etc.) unless features explicitly support it
  • Comply with all applicable laws governing personal data

5. International Transfers

Your data may be transferred to countries outside your region.
We rely on appropriate safeguards such as contractual clauses or equivalent protections where required.


6. Liability

Liability for each party is governed by the Terms of Service.


7. Termination

This Agreement remains in effect as long as you use the Service or until replaced by a new version.


8. Contact

For GDPR, CCPA, or data processing inquiries, contact:
support@productkitos.com