1. Scope
This DPA forms part of the Terms of Service between GarageTome (“Processor”) and Customer (“Controller”).
Processor will process personal data solely to provide the Service.
2. Roles
- Customer: Data Controller
- GarageTome: Data Processor
3. Types of Data
- Account data (name, email)
- Operational data (vehicles, maintenance logs)
- Usage data (IP, device)
4. Instructions
Processor acts only on documented instructions from Controller.
5. Subprocessors
Processor may engage subprocessors (e.g., hosting, analytics, Paddle). A current list will be made available upon request.
6. Security Measures
Processor implements technical and organizational measures, including:
- Encryption in transit (TLS)
- Access controls (RBAC)
- Logging and monitoring
7. Data Breach
Processor will notify Controller without undue delay after becoming aware of a personal data breach.
8. Data Subject Rights
Processor assists Controller in responding to access, deletion, and portability requests.
9. Data Retention & Deletion
Upon termination, Customer may request deletion of its data.
Data export (return) will be provided only where technically feasible and limited to standard formats supported by the Service.
GarageTome is not obligated to provide data in custom formats, perform data transformations, or deliver data beyond the capabilities of the platform’s standard export functionality.
Data will be retained for a limited period (e.g., 30 days) after termination, after which it may be permanently deleted.
10. International Transfers
Where applicable, Processor uses appropriate safeguards for cross-border transfers.
11. Liability
Liability is subject to the limitations set in the Terms of Service.
GarageTome shall not be responsible for any loss of data after the retention period has expired.
12. Contact
For questions about this DPA, you can contact us at:
GarageTome
Email: legal@garagetome.com
Website: https://garagetome.com
