Kayle

Data Processing Agreement

Our commitment to processing your data with the highest standards of security, privacy, and regulatory compliance.

Trust in data processing begins with clear commitments and transparent practices.

Purpose and Scope

This Data Processing Agreement (DPA) governs the processing of personal data by Kayle on behalf of our customers in connection with our content moderation services.

This agreement ensures compliance with GDPR, CCPA, and other applicable data protection laws while maintaining our philosophical commitment to privacy and data minimization.

Definitions

For the purposes of this DPA:

• 'Personal Data' means any information relating to an identified or identifiable natural person

• 'Processing' means any operation performed on personal data

• 'Data Controller' refers to our customers who determine the purposes of processing

• 'Data Processor' refers to Kayle as the entity processing data on behalf of the controller

These definitions align with GDPR Article 4 and similar regulations.

Data Processing Principles

We adhere to the following principles in our data processing activities:

• Processing only on documented instructions from the controller

• Implementing appropriate technical and organizational measures

• Ensuring confidentiality commitments from personnel

• Assisting the controller in responding to data subject rights

• Supporting the controller's compliance obligations

Security Measures

Our security measures include:

• End-to-end encryption for data in transit and at rest

• Access controls and authentication mechanisms

• Regular security assessments and penetration testing

• Employee training on data protection

• Incident response procedures

These measures are regularly reviewed and updated to ensure continued effectiveness.

Subprocessing

We maintain strict control over subprocessors:

• All subprocessors are carefully selected and vetted

• Customers are informed of any intended changes to subprocessors

• Subprocessors are bound by similar data protection obligations

• A current list of subprocessors is maintained at /subprocessors

Data Transfers

For international data transfers, we ensure appropriate safeguards:

• Standard Contractual Clauses (SCCs) where applicable

• Privacy Shield certification where relevant

• Additional technical measures as required

We maintain transparency about data storage locations and transfer mechanisms.

Breach Notification

In the event of a personal data breach, we will:

• Notify the controller without undue delay

• Provide detailed information about the breach

• Assist in meeting breach notification obligations

• Document and remedy the breach

Our incident response plan ensures swift and appropriate action.

Audit Rights

We support our customers' audit requirements:

• Regular third-party audits and certifications

• Provision of documentation and evidence

• Facilitation of customer audits as agreed

• Prompt response to audit findings

Ready to review our DPA?

Contact our team to receive a copy of our Data Processing Agreement.

Contact UsView Subprocessors