Data Processing Agreement (DPA)
Last updated: June 8, 2026
1. Purpose and Scope
This Data Processing Agreement ("DPA") supplements the Terms of Service. It applies when Tajalys Inc. (the "Processor") processes personal data on behalf of the Customer (the "Controller") in connection with the use of the AccessAudit platform, in accordance with the GDPR, Quebec's Law 25, and equivalent data protection laws.
2. Roles and Nature of Processing
- Subject matter: provision of the web accessibility audit service.
- Categories of data: target URLs, technical identifiers, and potentially personal data displayed on the audited public pages.
- Data subjects: users or end clients of the websites audited by the Customer.
3. Tajalys Inc.'s Obligations
As Processor, Tajalys Inc. undertakes to:
- Process personal data only on the Customer's documented instructions.
- Ensure the confidentiality of the data processed by its authorized personnel.
- Implement appropriate technical and organizational measures to protect the data against destruction, loss, or unauthorized access.
- Reasonably assist the Customer in responding to data subject rights requests (access, rectification, erasure).
- Delete or return the data at the end of the subscription, in accordance with the retention policy of the subscribed plan, unless legally required to retain it.
4. Sub-processors
The Customer authorizes Tajalys Inc. to engage the sub-processors listed in the Privacy Policy (notably Vercel, Supabase, Stripe, Zoho, Upstash, Google/Gemini, Sentry, and Railway). Tajalys Inc. will inform the Customer of any addition or replacement of a sub-processor, with the Customer retaining the right to object by terminating the Service.
5. Data Breach Notification
In the event of a personal data breach, Tajalys Inc. will notify the Customer without undue delay after becoming aware of it, to enable the Customer to meet its own legal reporting obligations (GDPR, Law 25).
6. International Transfers
If data is transferred outside the European Economic Area (EEA) or Canada, such transfer will be governed by the European Commission's Standard Contractual Clauses (SCC) or any other appropriate, legally recognized safeguard.
7. Entire Agreement
This DPA constitutes the entire agreement regarding data processing between the parties. For standard plans, Tajalys Inc. does not negotiate or sign DPAs, addenda, or data processing clauses provided by the Customer; this DPA applies by default upon acceptance of the Terms of Service.
8. Liability
Tajalys Inc.'s liability under this DPA is subject to the limitations and exclusions of liability set out in Section 7 of the Terms of Service.