Tackd
DPA

Data Processing Addendum

A customer-facing DPA draft for how Tackd processes customer data when providing the service.

Trust posture
Beta-ready, not SOC 2 certified yet

These pages document how Tackd protects customer data today and what still needs formal review before enterprise procurement.

Last updated May 2026
This DPA is a draft. It should be reviewed by counsel and incorporated into an order form, subscription agreement, or signed customer agreement before relying on it as a binding contract.

1. Roles and Scope

The customer is the controller or business for customer data submitted to Tackd. Tackd acts as a processor or service provider when it processes that data to provide the service. This DPA applies to workspace content, prospect data, uploaded files, generated artifacts, CRM sync data, support data, and usage/security logs.

2. Processing Instructions

Tackd will process customer data only to provide, secure, support, and improve the service; to comply with law; or as otherwise instructed by the customer through product configuration, integrations, or written instructions.

3. Confidentiality and Access

Tackd will limit access to customer data to personnel and service providers who need access to operate, secure, support, or improve the service. People with access are expected to handle customer data confidentially.

4. Security Measures

Tackd maintains technical and organizational measures designed to protect customer data, including authenticated access, workspace data isolation, row-level security, server-side secret handling, encrypted CRM tokens, billing controls, rate limits, and operational logging. Additional details are available on the security page.

5. Subprocessors

Tackd may use subprocessors to provide hosting, database, AI, background job, billing, authentication, email, and customer-authorized CRM functionality. Tackd lists subprocessors at /subprocessors. Customers may contact legal@tackd.ai with reasonable subprocessor questions or objections.

6. Customer Assistance

Taking into account the nature of processing and available information, Tackd will provide reasonable assistance for customer requests related to access, deletion, export, correction, security, and data protection assessments.

7. Security Incidents

Tackd will notify affected customers without undue delay after confirming a security incident involving customer data. Notices will include available information about the incident, affected data, mitigation steps, and recommended customer actions.

8. Return or Deletion

Upon termination or written request, Tackd will delete or return customer data within a reasonable period, except where retention is required for legal, security, backup, billing, or audit purposes.

9. Contact

DPA questions can be sent to legal@tackd.ai.