Data Processing Agreement

Last updated: January 2025

Overview

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Bellink Inc. ("Bellink", "we", "us") and the customer ("Customer", "you") for the use of Bellink services.

This DPA applies where and only to the extent that Bellink processes Personal Data on behalf of the Customer in the course of providing the Services, and such Personal Data is subject to Data Protection Laws.

1. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on Personal Data, including collection, storage, use, and deletion.
  • "Data Controller" means the entity that determines the purposes and means of Processing Personal Data (the Customer).
  • "Data Processor" means the entity that Processes Personal Data on behalf of the Controller (Bellink).

2. Data Processing

Bellink processes Personal Data only as necessary to provide the Services and in accordance with Customer's documented instructions.

Nature of Processing: Bellink acts as a pass-through layer between AI platforms and third-party services. We process OAuth tokens and API requests but do not persistently store Customer business data.

Types of Data: OAuth access tokens, API request/response data (transient), user account information, usage logs.

3. Security Measures

Bellink implements appropriate technical and organizational measures to protect Personal Data, including:

  • • Encryption of data at rest (AES-256)
  • • Encryption of data in transit (TLS 1.3)
  • • Access controls and authentication
  • • Regular security assessments
  • • Incident response procedures

4. Sub-processors

Customer authorizes Bellink to engage sub-processors to assist in providing the Services. Current sub-processors include:

  • • Cloud hosting provider (infrastructure)
  • • Database provider (encrypted data storage)
  • • Authentication provider (user authentication)

Bellink will notify Customer of any new sub-processors and provide an opportunity to object.

5. Data Subject Rights

Bellink will assist Customer in responding to requests from data subjects exercising their rights under applicable Data Protection Laws, including rights of access, rectification, erasure, and portability.

6. Data Retention

Upon termination of Services or Customer request, Bellink will delete or return all Personal Data within 30 days, except where retention is required by law.

7. International Transfers

Where Personal Data is transferred outside the European Economic Area, Bellink ensures appropriate safeguards are in place, such as Standard Contractual Clauses.

Need a Signed DPA?

Enterprise customers can request a signed copy of our Data Processing Agreement.

Request Signed DPA