LegalData Processing Addendum

Data Processing Addendum

Updated Jun 2026 · Operator: ООО ПРВТК · Region: RU/CIS staging · production data model, staging cluster only · Compliance: 152-ФЗ · staging validation of CIS/RU launch surface

Effective Date: June 30, 2026 Entity: Privatica, Inc. Mailing Address: 2810 N Church St STE 89170, Wilmington, DE 19802, United States Primary Site: https://thetam.app

This Data Processing Addendum (“DPA”) applies where Privatica, Inc. processes personal data on behalf of a customer as a processor, service provider, or similar role under applicable data protection laws.

1. Parties

Customer: the entity or person using TAM under an order form, subscription, or agreement. Provider: Privatica, Inc..

2. Processing Details

Subject matter: operation of TAM workspace, project, task, wiki, MCP, automation, integration, support, and related services. Duration: term of the customer agreement plus retention period. Nature and purpose: hosting, storage, retrieval, collaboration, automation, support, security, billing, audit, and service operation. Data subjects: customer users, administrators, invited collaborators, support contacts, integration users, and individuals whose information appears in Customer Content. Categories: identifiers, business contact data, workspace metadata, Customer Content, usage logs, audit logs, integration metadata, support communications, billing metadata. Sensitive data: not intended unless customer submits it.

3. Customer Instructions

Provider will process personal data only on documented customer instructions, including through product configuration, order forms, support requests, and this DPA, unless required by law.

4. Confidentiality

Provider will ensure personnel authorized to process personal data are subject to confidentiality obligations.

5. Security

Provider will implement reasonable technical and organizational measures appropriate to the nature of the Service, including access controls, workspace isolation, audit logging, credential protection, and operational security practices.

6. Subprocessors

Customer authorizes Provider to use subprocessors. Provider remains responsible for subprocessor performance under this DPA. Provider will maintain subprocessor information in the Subprocessors page or customer-specific documentation.

7. Assistance

Provider will provide reasonable assistance for data subject requests, security incidents, DPIAs, and regulator inquiries, taking into account the nature of processing and information available.

8. Security Incidents

Provider will notify Customer without undue delay after confirming a security incident involving Customer personal data, unless legally prohibited.

9. Deletion and Return

Upon termination or written request, Provider will delete or return personal data according to the agreement, product functionality, and retention policy, subject to backups, legal obligations, security logs, and legitimate retention needs.

10. Audits

Provider will make reasonable information available to demonstrate compliance with this DPA. Audits must be reasonable, confidential, limited, and not compromise security or other customers.

11. International Transfers

Where required, transfers may rely on standard contractual clauses, Data Privacy Framework participation if certified, or other lawful mechanisms. Additional transfer documentation may be incorporated by reference or executed separately.

12. Conflict

If this DPA conflicts with the main agreement, this DPA controls only for personal-data processing obligations.

Questions about this document? Contact us →