Data Processing Agreement for data
Threada's standard Data Processing Agreement for data covering GDPR, CCPA, and other applicable data protection obligations.
Scope plus applicability
Dis DPA applies to all processing of personal data performed by Threada on behalf of di customer in connection with di Threada platform. It supplements di Service terms and governs data handling, security measures, and breach notification procedures.
Roles plus responsibilities
Di customer acts as di data controller. Threada acts as a data processor, processing personal data only as instructed by di customer and as necessary to deliver di service.
Technical plus organizational measures
- Encryption in transit (TLS 1.2+) plus at rest (AES-256)
- Tenant-scoped data isolation with no cross-tenant access wey dey
- Role-based access controls with audit logging wey dey
- Automated dependency plus advisory vulnerability scanning, plus threat model wey dem dey maintain
- Incident response procedures with defined notification timelines wey dey
Subprocessors dem
Threada maintains a current list of subprocessors. Customers dey notified of material changes. See di subprocessors page for di full list.
Data subject rights wey dey
Threada supports customers in responding to data subject access, rectification, deletion, plus portability requests through platform tooling plus operational processes.
Data retention plus deletion
Data retention policies dey configurable per workspace. Upon contract termination, customer data dey deleted within 90 days unless a longer retention period dey required by law.