1. Introduction
This Data Processing Agreement ("DPA") forms part of the agreement between mastersheets.ai ("Data Processor") and the customer ("Data Controller") for the processing of personal data in connection with the provision of our services. This DPA supplements our Terms of Service, Privacy Policy, and Service Level Agreement and should be read in conjunction with them.
By accessing or using our platform, you acknowledge that you have read, understood, and agree to be bound by this Data Processing Agreement, our Terms of Service, and all other referenced policies. If you do not agree with any part of these policies, you must not use our platform or services.
2. Definitions
- "Personal Data" means any information relating to an identified or identifiable natural person
- "Processing" means any operation performed on Personal Data
- "Data Controller" means the entity determining the purposes and means of Processing Personal Data
- "Data Processor" means the entity Processing Personal Data on behalf of the Controller
- "Data Subject" means the individual to whom Personal Data relates
3. Processing Details
3.1 Subject Matter
The subject matter of the Processing is the provision of services by mastersheets.ai to the Data Controller.
3.2 Duration
The duration of the Processing is for the term of the service agreement plus any post-termination period required by law.
3.3 Nature and Purpose
- Providing spreadsheet-based ERP functionality
- Data storage and backup
- Service improvement and optimization
- Technical support and maintenance
3.4 Types of Personal Data
- Contact information
- Business data
- Usage data
- Technical data
4. Data Processor Obligations
- Process Personal Data only on documented instructions
- Ensure confidentiality of Personal Data
- Implement appropriate technical and organizational measures
- Assist the Data Controller in responding to Data Subject requests
- Notify the Data Controller of any Personal Data breaches
- Delete or return Personal Data upon termination
5. Security Measures
We implement the following security measures:
- Encryption of data in transit and at rest
- Access controls and authentication
- Regular security assessments
- Data backup and recovery procedures
- Physical security measures
- Employee training and confidentiality agreements
6. Sub-processors
We may engage sub-processors to assist in providing our services. We ensure that sub-processors:
- Are bound by similar data protection obligations
- Have appropriate security measures in place
- Are regularly audited for compliance
7. Data Subject Rights
We will assist the Data Controller in fulfilling obligations to respond to Data Subject requests:
- Right to access
- Right to rectification
- Right to erasure
- Right to data portability
- Right to object
- Right to restrict processing
8. Data Breach Notification
In case of a Personal Data breach, we will:
- Notify the Data Controller without undue delay
- Provide information about the nature of the breach
- Describe likely consequences and measures taken
- Cooperate in investigating and mitigating the breach
9. Audit Rights
The Data Controller has the right to:
- Conduct audits of our Processing activities
- Request information about our security measures
- Inspect our facilities and systems
- Review our compliance documentation
10. Contact Information
For questions about this DPA, please contact us at:
Email: dpa@mastersheets.ai
For a complete understanding of our policies, please review our: