GarageTome

Data Processing Agreement (DPA)

Data Processing Agreement (DPA)

GarageTome Data Processing Agreement. Review data processing roles, security measures, subprocessors, and retention terms.

Last updated: April 25, 2026

1. Scope

This DPA forms part of the Terms of Service between GarageTome (“Processor”) and Customer (“Controller”).

In the event of conflict, the Terms of Service shall prevail unless otherwise required by applicable data protection law.

Processor will process personal data solely to provide the Service.

2. Roles

  • Customer: Data Controller
  • GarageTome: Data Processor

3. Types of Data

  • Account data (name, email)
  • Operational data (vehicles, maintenance logs)
  • Usage data (IP, device)

4. Instructions

Processor acts only on documented instructions from Controller.

Refunds are subject to the GarageTome Refund Policy, which forms part of these Terms.

5. Subprocessors

Processor may engage subprocessors (e.g., hosting, analytics, Paddle). A current list will be made available upon request.

6. Security Measures

Processor implements technical and organizational measures, including:

Data is retained for as long as necessary to provide the Service and comply with legal obligations.

  • Encryption in transit (TLS)
  • Access controls (RBAC)
  • Logging and monitoring

7. Data Breach

Processor will notify Controller without undue delay after becoming aware of a personal data breach.

8. Data Subject Rights

Processor assists Controller in responding to access, deletion, and portability requests.

9. Data Retention & Deletion

Data export (return) will be provided only where technically feasible and limited to standard formats supported by the Service.

GarageTome is not obligated to provide data in custom formats, perform data transformations, or deliver data beyond the capabilities of the platform’s standard export functionality.

Data will be retained for a limited period (e.g., 30 days) after termination, after which it may be permanently deleted.

10. International Transfers

Where applicable, Processor uses appropriate safeguards for cross-border transfers.

11. Liability

Liability is subject to the limitations set in the Terms of Service.

GarageTome shall not be responsible for any loss of data after the retention period has expired.

12. Contact

For questions about this DPA, you can contact us at:

GarageTome
Email: legal@garagetome.com
Website: https://garagetome.com

Tow truck illustration representing fleet maintenance support