Taps.IM
ENTERPRISE
Data Processing Agreement
Comprehensive Data Processing Agreement (DPA) governing the handling of personal data within the TapsIM encrypted messaging platform, ensuring full GDPR compliance and privacy protection.
Agreement Overview
Compliance Frameworks
This DPA reflects our commitment to privacy by design principles, ensuring data protection is built into every aspect of our platform.
Data Processing Categories
Detailed breakdown of personal data categories processed, purposes, and retention periods
Account Information
Basic user account data required for service operation
Data Types Processed
- Username/Display name
- Email address (encrypted)
- Account creation timestamp
- Last activity timestamp
- Account preferences and settings
Processing Purpose
User authentication, account management, service provision
Authentication Data
Technical data necessary for secure user authentication
Data Types Processed
- Cryptographic public keys
- Device fingerprints (hashed)
- Authentication tokens (temporary)
- Multi-factor authentication settings
- Login attempt logs (IP addresses hashed)
Processing Purpose
Security, fraud prevention, access control
Message Metadata
Technical metadata required for message routing (content is encrypted)
Data Types Processed
- Message routing information
- Timestamp (encrypted)
- Message size (encrypted)
- Delivery status indicators
- Federation server identifiers
Processing Purpose
Message delivery, system operation, federation routing
Technical Operations Data
System performance and operational data for platform maintenance
Data Types Processed
- Server performance metrics
- System health indicators
- Error logs (anonymized)
- P9 observability data
- Resource utilization statistics
Processing Purpose
System maintenance, performance optimization, security monitoring
Processing Activities
Detailed description of data processing activities and security measures implemented
Message Routing & Delivery
Routing encrypted messages between users and federation servers
Data Processed
Message metadata, routing information, delivery confirmations
Processing Type
Automated processing
Third Parties
Federation partner servers (under equivalent DPAs)
Security Measures
User Authentication & Authorization
Verifying user identity and managing access permissions
Data Processed
Authentication credentials, device information, access logs
Processing Type
Automated with manual security review triggers
Third Parties
None (all processing internal)
Security Measures
System Monitoring & Operations
Maintaining system health and performance monitoring
Data Processed
System metrics, performance data, anonymized usage statistics
Processing Type
Automated processing and aggregation
Third Parties
Cloud infrastructure providers (under processor agreements)
Security Measures
Legal Compliance & Security
Meeting legal obligations and maintaining platform security
Data Processed
Audit logs, security incident data, compliance reports
Processing Type
Automated with manual review for incidents
Third Parties
Regulatory authorities (when legally required)
Security Measures
Data Subject Rights
Your comprehensive privacy rights under GDPR and how to exercise them
Right of Access (Article 15)
Obtain confirmation of data processing and access to personal data
Implementation
Self-service data export tool in user settings
Limitations
Identity verification required; technical limitations for encrypted data
Right to Rectification (Article 16)
Correct inaccurate or incomplete personal data
Implementation
User profile editing tools, support ticket system
Limitations
Technical constraints on encrypted data modification
Right to Erasure (Article 17)
Request deletion of personal data under specific circumstances
Implementation
Account deletion feature with complete data removal
Limitations
Legal retention requirements, backup deletion timelines
Right to Restrict Processing (Article 18)
Limit processing under specific circumstances
Implementation
Account suspension feature, data processing flags
Limitations
Essential processing for security may continue
Right to Data Portability (Article 20)
Receive personal data in structured, machine-readable format
Implementation
Data export tools providing JSON/XML format
Limitations
Only applies to user-provided data, not derived data
Right to Object (Article 21)
Object to processing based on legitimate interests or direct marketing
Implementation
Opt-out mechanisms, communication preferences
Limitations
Overriding legitimate interests for security and fraud prevention
International Data Transfers
Safeguards and legal mechanisms for cross-border data transfers
European Economic Area (EEA)
Transfer Mechanism
Intra-EEA transfer (no additional safeguards required)
Data Types
All personal data categories
Safeguards
GDPR compliance, equivalent protection
United Kingdom
Transfer Mechanism
UK GDPR Adequacy Decision
Data Types
Account and metadata for UK users
Safeguards
UK GDPR compliance, equivalent protection standards
Switzerland
Transfer Mechanism
Swiss DPA compliance and adequacy framework
Data Types
Account and metadata for Swiss users
Safeguards
Swiss Federal DPA compliance, FDPIC oversight
United States
Transfer Mechanism
Standard Contractual Clauses (SCCs) + additional safeguards
Data Types
Limited technical operations data only
Safeguards
EU SCCs, encryption in transit and at rest, access controls
Subprocessors & Partners
Third-party service providers with access to personal data under strict contractual obligations
AWS Europe (Amazon Web Services)
Cloudflare (European data centers)
Hetzner Online GmbH
Our Privacy Commitments
Core GDPR principles and our implementation approach for comprehensive data protection
Data Minimization
Process only data necessary for specified purposes
Purpose Limitation
Use personal data only for specified, explicit, and legitimate purposes
Storage Limitation
Retain personal data only as long as necessary
Security of Processing
Implement appropriate technical and organizational security measures
Exercise Your Privacy Rights
Contact our Data Protection Officer or use our self-service tools to exercise your GDPR rights and manage your privacy preferences.