Tymmo

Data Processing Policy (DPA)

Effective Date: 01 June 2024

Last Updated: 01 June 2024

This Data Processing Policy ("Policy") outlines how Tymmo ("Processor", "we", "us") processes personal data on behalf of its customers ("Controller", "you", "your") when you use Tymmo's services.

This policy is designed to comply with data protection regulations including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable laws.

1. Scope of Processing

Tymmo processes personal data solely to provide its Services, which include:

  • Workspace setup and user management
  • AI-driven automation and voice workflows
  • Task, CRM, learning, and communication modules
  • Reporting, analytics, and API-based integrations

We process data only under your instruction, unless required by law.

2. Types of Data Processed

Depending on usage, we may process:

  • User identity data (e.g., names, email addresses)
  • Business activity data (tasks, workflows, form entries)
  • Voice/audio input (when using voice automation features)
  • Usage data (e.g., activity logs, timestamps)
  • Custom fields or uploaded content as configured by you

We do not intentionally process:

  • Special category data (e.g., health, biometric)
  • Payment card data (unless integrated with a PCI-compliant gateway)

3. Data Subject Rights

You remain the Data Controller and are responsible for handling data subject rights requests. Tymmo will:

  • Assist you in fulfilling requests (e.g., access, correction, deletion, export)
  • Respond promptly to deletion or export commands via the admin interface or support channel

4. Subprocessors

Tymmo uses carefully vetted third-party subprocessors (e.g., for hosting, support, analytics).

All subprocessors are contractually bound to:

  • Confidentiality
  • Data protection compliance
  • Processing only as required to deliver the service

5. Security Measures

We implement technical and organizational measures to protect personal data, including:

  • End-to-end encryption in transit (TLS 1.2+)
  • Role-based access controls (RBAC)
  • Logging and anomaly detection
  • Data backups and integrity monitoring

See full details in our Security Policy.

6. Data Retention

Tymmo retains customer data:

  • For the duration of your active account
  • Up to 30 days post-cancellation (based on agreement)
  • As needed for legal or billing obligations

You may request early deletion via info@tymmo.ai

7. International Transfers

Data may be stored in or accessed from servers located in the US, EU, or other regions. Tymmo ensures adequate safeguards for any cross-border data transfers, including:

  • Standard Contractual Clauses (SCCs)
  • Regional data centers (where applicable)

8. Breach Notification

In the event of a data breach affecting personal data:

  • Tymmo will notify you without undue delay (within 72 hours if required by law)
  • We will share known impact, mitigation steps, and action plans

9. Audit and Compliance

Tymmo supports audit requests as outlined in enterprise agreements. We provide:

  • Subprocessor details
  • Security architecture overview
  • Proof of controls (on request for enterprise clients)

10. Contact Information

For DPA-related matters, contact:

info@tymmo.ai