This Data Processing Agreement ("DPA") forms part of the Terms of Service between Fowcuzz Inc. ("Processor") and the Customer ("Controller").
2.1 Definitions
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Processing" means any operation performed on Personal Data.
- "Subprocessor" means any third party engaged by Processor to process Personal Data.
2.2 Scope and Roles
The Controller determines the purposes and means of processing Personal Data. The Processor shall process Personal Data only on documented instructions from the Controller.
2.3 Data Processing Details
| Category | Data Elements |
|---|---|
| Identity Data | Name, username, profile picture |
| Contact Data | Email address |
| Usage Data | Task data, focus sessions, metrics |
2.4 Security Measures
- Encryption of data at rest (AES-256) and in transit (TLS 1.3).
- Regular security assessments and penetration testing.
- Access control based on least privilege principle.
- Regular backups with encryption.
2.5 Subprocessors
The Controller provides general authorization for the Processor to engage Subprocessors listed in our Subprocessor List. We remain liable for their compliance.
2.6 Data Subject Rights
The Processor shall assist the Controller in responding to Data Subject requests (access, rectification, erasure, etc.) promptly.
2.7 Data Breach Notification
The Processor shall notify the Controller without undue delay (within 48 hours) after becoming aware of a Personal Data breach.
2.8 International Transfers
For transfers outside the EEA, we use Standard Contractual Clauses (SCCs) and ensure appropriate safeguards.
Contact Us
For questions about this policy:
- Email: dpo@fowcuzz.app
- Subject: DPA Inquiry