Legal Document
Data Processing Agreement
This DPA supplements our Terms of Service and describes how we handle personal data on behalf of our customers in compliance with GDPR and other privacy regulations.
Download DPA Template
For enterprise customers requiring a signed DPA, please contact us. We can execute our standard DPA or review your company's template.
Typical turnaround: 2-3 business days
Data Processing Scope
- We process personal data only as necessary to provide the Thread Transfer services
- Data categories: account information (email, name), usage analytics, payment details (via Stripe)
- Processing purposes: service delivery, customer support, product improvement
- No personal data is used for AI training or sold to third parties
Security Measures
- All data encrypted at rest (AES-256) and in transit (TLS 1.3)
- Infrastructure hosted on Cloudflare with SOC 2 Type II certified data centers
- Access controls with role-based permissions and audit logging
- Regular security assessments and penetration testing
Data Subject Rights
- Right to access: Request a copy of your personal data
- Right to rectification: Correct inaccurate personal data
- Right to erasure: Delete your personal data ('right to be forgotten')
- Right to portability: Export your data in a machine-readable format
Subprocessors
Third-party services that process personal data on our behalf
| Service | Purpose | Location |
|---|---|---|
| Cloudflare | Hosting, CDN, security | USA (EU data residency available) |
| Stripe | Payment processing | USA/EU |
| Google Analytics | Usage analytics (anonymized) | USA (EU data residency) |
Last updated: December 2025. We notify customers of subprocessor changes via email.
Questions about data processing?
Our legal team is available to discuss DPA terms, custom requirements, and compliance questions.
legal@thread-transfer.com