GladiTel

Legal

Data Processing Addendum

Effective Date: March 23, 2026

This Data Processing Addendum ("DPA") supplements the Terms of Service and Privacy Policy and applies where RWX-TEK INC. (d/b/a Gladitel, the "Company") processes personal data on behalf of a User acting as a data controller under the GDPR, UK GDPR, CCPA/CPRA, or other applicable data protection laws.

1. Definitions

"Personal Data," "Data Controller," "Data Processor," "Processing," "Data Subject," and "Supervisory Authority" have the meanings given to them in the GDPR (or equivalent definitions under applicable law).

2. Roles & Scope

Data Controller: The User (you)

Data Processor: The Company (Gladitel)

The Company shall process Personal Data only on documented instructions from the User (including as set forth in the Terms of Service), unless required to do so by applicable law, in which case the Company shall inform the User before processing (unless prohibited by law).

3. Security Measures

The Company shall implement appropriate technical and organizational measures to protect Personal Data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and vulnerability testing
  • Employee confidentiality obligations and training
  • Incident response and breach notification procedures
  • Business continuity and disaster recovery measures

4. Sub-Processors

The User provides general authorization for the Company to engage sub-processors. The Company shall:

  • Maintain a list of sub-processors available on request
  • Notify the User of new sub-processors at least 30 days before engagement
  • Impose data protection obligations on sub-processors at least as protective as those in this DPA
  • Remain fully liable for the acts and omissions of its sub-processors

Current Sub-Processors

  • Stripe -- Payment processing (USA)
  • Supabase -- Database and authentication (USA)
  • Vercel -- Website hosting (USA)
  • Resend -- Email delivery (USA)
  • OpenAI / Anthropic -- AI processing (USA, if enabled)

5. Data Subject Rights

The Company shall assist the User in responding to data subject requests (access, rectification, erasure, portability, restriction, objection) to the extent technically feasible. The Company shall promptly notify the User of any data subject request it receives directly.

6. Data Breach Notification

The Company shall notify the User without undue delay (and in any event within 72 hours) upon becoming aware of a personal data breach.

The notification shall include: (a) the nature of the breach; (b) the categories and approximate number of data subjects affected; (c) likely consequences; and (d) measures taken or proposed to address the breach.

7. International Data Transfers

For international transfers of Personal Data to countries without an adequacy determination, the Company relies on Standard Contractual Clauses (Module Two: Controller to Processor) as approved by the European Commission (Decision 2021/914) and the UK Addendum, as applicable. By entering into these Terms, the parties agree to the SCCs incorporated by reference.

8. Audit Rights

The User has the right to audit the Company's compliance with this DPA, subject to reasonable notice, confidentiality obligations, and no more than once per year (unless required by a Supervisory Authority). The Company shall make available all information necessary to demonstrate compliance with applicable data protection laws.

9. Return & Deletion of Data

Upon termination or expiration of the Terms, the Company shall, at the User's election, return or delete all Personal Data, except where retention is required by applicable law. Certification of deletion shall be provided upon request.

10. Contact

RWX-TEK INC. (d/b/a Gladitel)

Hesperia, California, USA

Data protection inquiries: customertek@rwxtek.com

Terms of ServicePrivacy Policy

© 2026 RWX-TEK INC. d/b/a Gladitel. All rights reserved.