Bytesalt
Log In

Menu

Go to Bytesalt
Product Pricing Blog Docs

DATA PROCESSING AGREEMENT

Last Updated: November 11, 2025

COVER PAGE

This DPA is between Bytesalt Inc. ("Provider") and the company or person accessing or using the Service ("Customer"). If the person accepting this Agreement is doing so on behalf of a company, all use of the word “Customer” in the Agreement will mean that company. If you are accessing or using the Service on behalf of your company, you represent that you are authorized to accept this DPA on behalf of your company.

This DPA has 2 parts: (1) the Key Terms on this Cover Page and (2) the Common Paper DPA Standard Terms Version 1.1 posted at commonpaper.com/standards/data-processing-agreement/1.1 ("DPA Standard Terms"), which is incorporated by reference. If there is any inconsistency between the parts of the DPA, the Cover Page will control over the DPA Standard Terms. Capitalized and highlighted words have the meanings given on the Cover Page. However, if the Cover Page omits or does not define a highlighted word, the default meaning will be "none" or "not applicable" and the correlating clause, sentence, or section does not apply to this DPA. All other capitalized words have the meanings given in the DPA Standard Terms or the Agreement.

Agreement
Bytesalt Terms of Use, available at https://bytesalt.com/legal/terms

Approved Subprocessors
https://bytesalt.com/legal/subprocessors

Provider Security Contact
security@bytesalt.com

Security Policy
As defined in the Agreement.

Changes to the agreement
Service Provider Relationship
To the extent California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq ("CCPA") applies, the parties acknowledge and agree that Provider is a service provider and is receiving Personal Data from Customer to provide the Service as agreed in the Agreement and detailed below (see Nature and Purpose of Processing), which constitutes a limited and specified business purpose. Provider will not sell or share any Personal Data provided by Customer under the Agreement. In addition, Provider will not retain, use, or disclose any Personal Data provided by Customer under the Agreement except as necessary for providing the Service for Customer, as stated in the Agreement, or as permitted by Applicable Data Protection Laws. Provider certifies that it understands the restrictions of this paragraph and will comply with all Applicable Data Protection Laws. Provider will notify Customer if it can no longer meet its obligations under the CCPA.

Restricted Transfers
Governing Member State
EEA Transfers: Netherlands
UK Transfers: England and Wales

Annex I(A) List of Parties

Data Exporter

Name: the Customer using the Service
Activities relevant to transfer: See Annex 1(B)
Role: Controller

Data Importer

Name: Bytesalt Inc.
Contact person: Deepank Vora, Founder & CEO
Address: 9169 W State St, Garden City, Idaho 83714, USA
Activities relevant to transfer: See Annex 1(B)
Role: Processor

Annex I(B) Description of Transfer and Processing Activities

Service
The Service is: An AI-powered software testing and quality assurance platform

Categories of Data Subjects
Customer's end users or customers
Customer's employees

Categories of Personal Data

  • Name
  • Contact information such as email, phone number, or address
  • Transactional information such as account information or purchases
  • User activity and analysis such as device information or IP address
  • Location information
  • Application data, logs, commands, context, and test artifacts provided by users or generated during automated testing, which may incidentally include personal data

Special Category Data
Is special category data (as defined in Article 9 of the GDPR) Processed? No

Frequency of Transfer
Continuous

Nature and Purpose of Processing

  • Receiving data, including collection, accessing, retrieval, recording, and data entry
  • Holding data, including storage, organization, and structuring
  • Using data, including analysis, consultation, testing, automated decision making, and profiling
  • Protecting data, including restricting, encrypting, and security testing
  • Sharing data, including disclosure, dissemination, allowing access, or otherwise making available
  • Returning data to the data exporter or data subject
  • Erasing data, including destruction and deletion

Duration of Processing
Provider will process Customer Personal Data as long as required (i) to conduct the Processing activities instructed in Section 2.2(a)-(d) of the Standard Terms; or (ii) by Applicable Laws.

Annex I(C) Competent Supervisory Authority

The supervisory authority will be the supervisory authority of the data exporter, as determined in accordance with Clause 13 of the EEA SCCs or the relevant provision of the UK Addendum.

Annex II - Technical and Organizational Security Measures

See Security Policy

Pseudonymization and encryption of personal data:
Customer Personal Data is encrypted in transit using TLS and at rest using industry-standard encryption algorithms such as AES-256

Ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems and services:
Systems are designed with redundancy, network segmentation, and access control measures to maintain confidentiality, integrity, and availability

Ability to restore the availability of and access to the Customer Personal Data in a timely manner following a physical or technical incident:
Regular backups and disaster recovery procedures are maintained to ensure timely restoration of data and service availability after an incident

Regular testing, assessment, and evaluation of the effectiveness of technical and organizational measures used to secure Processing:
Security controls are periodically reviewed through internal assessments, monitoring, and vulnerability evaluations

User identification and authorization process and protection:
Access to systems and Customer Personal Data is restricted through secure authentication, access control policies, and role-based permissions

Protecting Customer Personal Data during transmission (in transit):
All communication between users, services, and systems is protected using encrypted transmission protocols such as TLS

Protecting Customer Personal Data during storage (at rest):
Stored data is protected using encryption and controlled access mechanisms to prevent unauthorized disclosure or modification

Physical security where Customer Personal Data is processed:
Data centers and processing facilities implement industry-standard physical security measures, including access controls and environmental protections

Events logging:
System access and activity events are logged to support monitoring, auditing, and incident investigation

Systems configuration, including default configuration:
Systems are deployed using secure configurations, regularly updated, and monitored to prevent unauthorized changes

Internal IT and IT security governance and management:
Security governance includes access management, periodic reviews, incident response procedures, and adherence to least-privilege principles

Ensuring data minimization:
The Service collects and processes only the data necessary to provide testing and analysis functions

Ensuring limited data retention:
Customer data is retained only as necessary to operate the Service and support customer use

Ensuring accountability:
Access and processing activities are logged and traceable to authorized personnel to ensure accountability

Allowing data portability and erasure:
Customer data can be exported or deleted upon request to support data portability and erasure rights