Data Processing Agreement
Last updated: 8/14/2025

1. Introduction & Scope

This Data Processing Agreement ("DPA") is an addendum to the Terms of Service between Byte Inc. ("Processor") and you ("Controller"). This DPA applies to the extent that Byte processes personal data on behalf of the Controller in the course of providing the Services.

2. Processing of Personal Data

Processor shall process personal data only on behalf of the Controller and in accordance with their documented instructions. The subject matter, duration, nature, and purpose of the processing, as well as the types of personal data and categories of data subjects, are determined by the Controller's use of the Services.

3. Roles and Responsibilities

The Controller is the data controller and is responsible for ensuring that the processing of personal data complies with all applicable data protection laws. The Processor is the data processor and shall process personal data only on behalf of the Controller.

4. Security Measures

Processor shall implement and maintain appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures are described in our Security Policy and include, but are not limited to, access control, encryption of data in transit, and regular security assessments.

5. Sub-processors

Controller agrees that Processor may engage third-party sub-processors to process personal data on Controller's behalf. Processor shall ensure that any sub-processor is bound by data protection obligations compatible with those of this DPA.

6. Data Subject Rights

Processor shall, to the extent legally permitted, promptly notify Controller if it receives a request from a data subject to exercise their rights under applicable data protection law. Processor shall provide Controller with reasonable cooperation and assistance in relation to any such request.

7. Data Breach Notification

In the event of a personal data breach, Processor shall notify Controller without undue delay after becoming aware of the breach.