Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you and Staxless and governs the processing of personal data in accordance with applicable data protection laws.

1. Definitions

Terms used in this DPA have the meanings given to them in the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Scope and Application

This DPA applies to any personal data we process in connection with your purchase and use of Staxless. As a digital code product, Staxless itself does not process, store, or transmit your end users' data — you control your own deployments and data independently.

3. Data We Process

• Contact information (name, email address)
• Payment information (processed by Stripe — we do not store card details)
• GitHub account information (for repository access)
• Support communications

4. Our Obligations

• Process personal data only as necessary to fulfill your purchase and provide support
• Ensure confidentiality of personal data
• Implement appropriate technical and organizational security measures
• Notify you of any personal data breaches without undue delay
• Delete personal data upon your request, subject to legal retention requirements

5. Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit
• Access controls and authentication mechanisms
• Secure payment processing via Stripe

6. Sub-processors

We use the following sub-processors: Stripe (payment processing), Mailgun (transactional email), and GitHub (repository hosting). Each is bound by their own data protection obligations.

7. Your Deployments

Staxless is a self-hosted code product. Once deployed, you are the sole data controller for any data processed by your application. We have no access to, and bear no responsibility for, data processed by your deployments.

8. International Transfers

If we transfer personal data outside the European Economic Area, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.