Contact us
Contact us

Our offices

  • United States
    2332 Beach Avenue
    Venice, CA 90291
  • Singapore
    L39, Marina Bay Financial Centre Tower
    10 Marina Boulevard

Follow us

Data Processing Agreement

Terms governing how Skytells processes personal data on behalf of our customers as a data processor.

Last updated: January 15, 2026

1. Scope and Purpose

This Data Processing Agreement (“DPA”) forms part of the agreement between Skytells, Inc. (“Processor”) and the customer (“Controller”) for the processing of personal data in connection with the use of Skytells services. This DPA applies where Skytells processes personal data on behalf of the customer.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data, including collection, storage, use, and deletion
  • Data Subject: The individual whose personal data is being processed
  • Sub-processor: A third party engaged by Skytells to process personal data

3. Obligations of the Processor

Skytells shall:

  • Process personal data only on documented instructions from the Controller
  • Ensure persons authorized to process data are bound by confidentiality
  • Implement appropriate technical and organizational security measures
  • Assist the Controller in responding to data subject rights requests
  • Delete or return all personal data upon termination of the agreement
  • Make available information necessary to demonstrate compliance

4. Sub-processors

Skytells may engage sub-processors to assist in providing the services. We will:

  • Maintain an up-to-date list of sub-processors
  • Notify the Controller of any intended changes to sub-processors
  • Ensure sub-processors are bound by equivalent data protection obligations
  • Remain liable for the acts and omissions of sub-processors

5. Security Measures

Skytells implements the following technical and organizational measures:

  • Encryption of data at rest and in transit (TLS 1.3)
  • Access controls and authentication mechanisms
  • Regular security assessments and penetration testing
  • Incident detection and response procedures
  • Business continuity and disaster recovery plans
  • Employee security training and awareness programs

6. Data Breach Notification

In the event of a personal data breach, Skytells will notify the Controller without undue delay and no later than 72 hours after becoming aware of the breach. The notification will include the nature of the breach, categories of data affected, likely consequences, and measures taken to address the breach.

7. International Transfers

Where personal data is transferred outside the European Economic Area, Skytells ensures appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms as recognized by applicable data protection authorities.

8. Term and Termination

This DPA remains in effect for the duration of the service agreement. Upon termination, Skytells will delete or return all personal data within 30 days, unless retention is required by applicable law.