This Data Processing Amendment (“DPA”) forms part of the Terms of Service or Privacy Policy between Taskip (“Company”) and the Customer (“Controller”).
This DPA sets out the obligations of the parties regarding the processing of Personal Data in connection with the use of the Taskip website and services, in compliance with the EU General Data Protection Regulation (“GDPR”), UK GDPR, and the California Consumer Privacy Act (“CCPA”).
Definitions
- “Personal Data”: Information relating to an identified or identifiable person.
- “Processing”: Any operation performed on Personal Data (collection, storage, use, transfer, deletion, etc.).
- “Controller”: The Customer, who determines purposes and means of Processing.
- “Processor”: Taskip, which processes Personal Data on behalf of the Customer.
- “Sub-processor”: A third party engaged by Taskip to process Personal Data.
Roles of the Parties
- Customer acts as Controller of the Personal Data.
- Taskip acts as Processor and will process Personal Data solely to provide and improve the Taskip website and related services.
Scope of Processing
Taskip may process Personal Data to:
- Provide access to and maintain the Taskip website;
- Monitor website usage to improve performance and security;
- Provide analytics, advertising, and marketing services;
- Fulfill legal obligations.
Security Measures
Taskip will implement technical and organizational measures to protect Personal Data from unauthorized access, alteration, disclosure, or destruction.
Sub-processors
- Customer authorizes Taskip to engage sub-processors necessary for website hosting, analytics, and advertising.
- Taskip will ensure all sub-processors are subject to data protection obligations at least as strict as those set out in this DPA.
International Transfers
If Personal Data is transferred outside the EEA/UK, Taskip will ensure compliance with applicable data protection laws (e.g., using Standard Contractual Clauses).
Data Subject Rights
Taskip will assist the Customer in responding to data subject requests regarding access, correction, deletion, or restriction of Personal Data.
Data Breach Notification
Taskip will notify the Customer without undue delay in the event of a confirmed data breach affecting Personal Data collected through the Taskip website.
Data Retention and Deletion
Taskip will retain Personal Data and workspace data only as long as necessary to provide services, ensure disaster recovery, or comply with legal requirements. Upon request, Taskip will delete or anonymize Personal Data.
Liability and Governing Law
This DPA is subject to the limitations of liability and governing law defined in the Agreement or Privacy Policy.
Annex I – Details of Processing
- Subject Matter: Operation of the Taskip website.
- Duration: For the duration of website use.
- Nature and Purpose: Collection of visitor data for analytics, security, and advertising.
- Types of Personal Data: IP address, device information, browsing behavior, cookies.
- Categories of Data Subjects: Website visitors and users.
Annex II – Sub-processor List
| Sub-processor | Purpose | Data Processed | Location |
| Vultr | Web app hosting and database server | Technical & usage data | EU |
| Contabo | WebSocket hosting | Technical & usage data | EU |
| Vercel | Frontend hosting and status monitor server | Technical & usage data | Global |
| Postmark | Email delivery & notifications | Email addresses, message metadata | Global |
| Cloudflare | DNS management and asset storage (R2) | Technical & usage data | Global |
| Pusher | Real-time messaging | Usage data, session data | EU |
| Google Analytics 4 | Website analytics | Usage data, cookies, IP address (pseudonymized) | Global |
| Google Ads | Advertising & conversion tracking | Cookies, browsing activity | Global |
| Facebook Pixel | Advertising & retargeting | Cookies, browsing activity | Global |
| Microsoft Clarity | Session recording & behavioral analytics | Clicks, session data, usage data | Global |