Legal›Data Processing Addendum
Data Processing Addendum
Updated Jun 2026 · Operator: ООО ПРВТК · Region: RU/CIS staging · production data model, staging cluster only · Compliance: 152-ФЗ · staging validation of CIS/RU launch surface
Effective Date: June 30, 2026 Entity: Privatica, Inc. Mailing Address: 2810 N Church St STE 89170, Wilmington, DE 19802, United States Primary Site: https://thetam.app
This Data Processing Addendum (“DPA”) applies where Privatica, Inc. processes personal data on behalf of a customer as a processor, service provider, or similar role under applicable data protection laws.
1. Parties
Customer: the entity or person using TAM under an order form, subscription, or agreement. Provider: Privatica, Inc..
2. Processing Details
Subject matter: operation of TAM workspace, project, task, wiki, MCP, automation, integration, support, and related services. Duration: term of the customer agreement plus retention period. Nature and purpose: hosting, storage, retrieval, collaboration, automation, support, security, billing, audit, and service operation. Data subjects: customer users, administrators, invited collaborators, support contacts, integration users, and individuals whose information appears in Customer Content. Categories: identifiers, business contact data, workspace metadata, Customer Content, usage logs, audit logs, integration metadata, support communications, billing metadata. Sensitive data: not intended unless customer submits it.
3. Customer Instructions
Provider will process personal data only on documented customer instructions, including through product configuration, order forms, support requests, and this DPA, unless required by law.
4. Confidentiality
Provider will ensure personnel authorized to process personal data are subject to confidentiality obligations.
5. Security
Provider will implement reasonable technical and organizational measures appropriate to the nature of the Service, including access controls, workspace isolation, audit logging, credential protection, and operational security practices.
6. Subprocessors
Customer authorizes Provider to use subprocessors. Provider remains responsible for subprocessor performance under this DPA. Provider will maintain subprocessor information in the Subprocessors page or customer-specific documentation.
7. Assistance
Provider will provide reasonable assistance for data subject requests, security incidents, DPIAs, and regulator inquiries, taking into account the nature of processing and information available.
8. Security Incidents
Provider will notify Customer without undue delay after confirming a security incident involving Customer personal data, unless legally prohibited.
9. Deletion and Return
Upon termination or written request, Provider will delete or return personal data according to the agreement, product functionality, and retention policy, subject to backups, legal obligations, security logs, and legitimate retention needs.
10. Audits
Provider will make reasonable information available to demonstrate compliance with this DPA. Audits must be reasonable, confidential, limited, and not compromise security or other customers.
11. International Transfers
Where required, transfers may rely on standard contractual clauses, Data Privacy Framework participation if certified, or other lawful mechanisms. Additional transfer documentation may be incorporated by reference or executed separately.
12. Conflict
If this DPA conflicts with the main agreement, this DPA controls only for personal-data processing obligations.