Data Processing Agreement

This Data Processing Agreement ("Agreement") is entered into by and between:

  • Tieki Inc., a company incorporated under the laws of the State of Delaware, with its principal place of business at 1111B S Governors Ave STE 25859, Dover, DE, 19940, US ("Processor"),

and

  • The customer agreeing to the Terms of Service of the Processor, either as an individual or as a representative of a business entity ("Controller").

This Agreement is effective upon acceptance of the Processor's Terms of Service and governs the processing of personal data in connection with the services provided by the Processor.

1. Subject Matter and Duration

1.1. This Agreement governs the processing of personal data by Processor on behalf of Controller in connection with the provision of services under the main service agreement.

1.2. The duration of this Agreement is the same as the duration of the service agreement between the parties.

2. Nature and Purpose of Processing

2.1. Processor shall process personal data only to the extent necessary to provide the services offered through Rebolt; see Appendix 1.

2.2. Processing activities include collection, storage, access, transmission, and deletion of personal data.

3. Categories of Data Subjects and Data

3.1. Data Subjects may include users of Controller’s services, customers, employees, and other individuals whose personal data is processed.

3.2. Categories of Personal Data include:

  • Names
  • Email addresses
  • Payment information
  • API credentials for third-party providers (e.g., Gmail, Drive, Outlook, Salesforce, GitHub, etc.)
  • Content created while using the product.

4. Obligations of the Processor

4.1. Processor shall:

  • Process data only on documented instructions from the Controller.
  • Implement appropriate technical and organizational security measures, including MFA, passkeys, and encryption at rest.
  • Ensure confidentiality and integrity of personal data.
  • Assist Controller in responding to data subjects’ rights where applicable.

4.2. Processor shall not engage another subprocessor without informing the Controller.

5. Subprocessors

5.1. The Controller agrees to the use of the following subprocessors:

  • Stripe (payment processing)
  • Resend (email delivery)
  • OpenAI, Anthropic (AI processing)
  • Supabase, Redis (Render.com), AWS (data storage and hosting)

5.2. Processor shall ensure that each subprocessor is bound by data protection obligations consistent with this Agreement.

6. International Data Transfers

6.1. Processor does not transfer personal data internationally outside of the jurisdictions covered by this Agreement.

7. Data Retention and Deletion

7.1. Processor will retain personal data indefinitely unless the Controller requests deletion.

7.2. Upon termination of the service agreement or upon written request, Processor shall delete or return all personal data.

8. Data Subject Rights

8.1. Processor currently does not offer self-serve tools for data deletion or data access requests, but may provide support upon request.

9. Compliance and Security

9.1. Processor complies with applicable data protection laws, including:

  • SOC 2 Type 1 certification scope

9.2. Processor shall implement appropriate safeguards as required by applicable law.

10. Limitation of Liability

10.1. Liability for breaches of this DPA shall be governed by the main service agreement unless otherwise required by applicable law.

11. Miscellaneous

11.1. This Agreement shall be governed by the laws of the State of Delaware.

11.2. In the event of a conflict between this DPA and other terms, this DPA shall prevail with respect to the subject matter herein.

IN WITNESS WHEREOF, the parties agree to this Data Processing Agreement by accepting the Terms of Service or signing below (if required).

Appendix 1

Description of the Processing

Data Subjects

The Customer Personal Data Processed concerns the following categories of Data Subjects (please specify): Paid customers of Rebolt and Rebolt users.

Categories of Customer Personal Data

The Customer Personal Data Processed concerns the following categories of data (please specify): Any Personal Data processed by Rebolt on behalf of Customer in connection with providing the Services, including contact information, usage information, profile information, and user-generated content.

Sensitive data

The Customer Personal Data Processed concerns the following special categories of data: N/A

Processing operations

The Customer Personal Data will be subject to the following basic Processing activities: Rebolt will Process the Customer Personal Data for purposes of providing Services pursuant to the Agreement and this DPA.
