Kasunduan sa Pagproseso ng Data
Threada's standard Data Processing Kasunduan covering GDPR, CCPA, at other applicable data protection obligations.
Scope at applicability
Ang DPA na ito ay applies sa lahat ng processing ng personal data performed by Threada on behalf ng ang customer sa connection na may ang Threada platform. It supplements ang Terms ng Service at governs data handling, security measures, at breach notification procedures.
Roles at responsibilities
ang customer acts bilang ang data controller. Threada acts bilang isang data processor, processing personal data lang bilang instructed by ang customer at bilang necessary sa deliver ang service.
Technical at organizational measures
- Encryption sa transit (TLS 1.2+) at rest (AES-256)
- Tenant-scoped data isolation na may no cross-tenant access
- Role-based access controls na may audit logging
- Awtomatikong dependency at advisory vulnerability scanning at isang pinananatiling threat model
- Incident response procedures na may defined notification timelines
Mga subprocessor
Threada maintains isang kasalukuyang list ng subprocessors. Customers ay notified ng material changes. See ang subprocessors page para sa ang buong list.
Mga karapatan ng data subject
Threada sumusuporta customers sa responding sa data subject access, rectification, deletion, at portability requests sa pamamagitan ng platform tooling at operational processes.
Data retention at deletion
Data retention policies ay configurable per workspace. Upon contract termination, customer data ay natanggal within 90 days unless isang longer retention period ay kailangan by law.