01
Roles
You are the controller of personal data you process through the service. We act as a processor and process personal data only on your documented instructions.
This DPA template summarizes the data processing obligations TuniReach accepts as a processor of your customer data. Enterprise customers sign a countersigned version in their Master Service Agreement.
You are the controller of personal data you process through the service. We act as a processor and process personal data only on your documented instructions.
We maintain a public list of subprocessors and notify customers 30 days before adding a new one. You may object in good faith within that window.
Encryption in transit and at rest, strict access control, audit logging, security monitoring, incident response, and annual penetration testing.
We do not intentionally process special categories of personal data. If your use case requires it, contact us for a dedicated agreement.
We will notify the controller without undue delay and within 72 hours of becoming aware of a personal data breach that affects its data.