ASSIST policy
Data Processing Agreement
Where ASSIST processes customer personal data on behalf of a business customer, the customer acts as controller and dont SIA acts as processor except for account, billing, security, and service-administration data handled as controller.
Roles and scope
- The customer determines the purposes and means of processing customer business records and remains the controller for that content.
- dont SIA processes hosted customer records only to provide, secure, maintain, support, and improve ASSIST in line with the agreement and applicable law.
Processing activities
- Processing may include hosting, storage, organization, display, transmission, backup, support handling, security monitoring, and generation of customer-directed workflow outputs.
- Relevant data may include employee, procurement, project, communication, offer, invoice, payment, and other business records entered by the customer.
- Private Google OAuth integrations require user consent and two-factor authentication, and unauthorized admin/support access attempts lock the affected user's Google integration by clearing stored Google OAuth tokens.
Processor obligations
- dont SIA processes personal data only on documented customer instructions, subject to the agreement and applicable law.
- Personnel and subprocessors are bound by confidentiality and equivalent data protection obligations.
- dont SIA assists with data subject requests, incident response, and controller obligations where GDPR Article 28 requires such assistance.
Security, subprocessors, and deletion
- ASSIST applies role-based access, logging, access control, backup handling, transport security, and tenant isolation measures appropriate to the service.
- Subprocessors may be used to operate ASSIST, subject to contractual controls and the published subprocessor list.
- At the end of the service, customer data is returned or deleted according to contract, retention, backup rotation, and legal obligations.
Support contact