Data Processing Agreement
How RYHA Technologies processes personal data on your behalf, the safeguards we apply, and our commitments to you as your data processor.
This policy is currently under review by our qualified legal counsel and is provided for general information only. It does not constitute legal advice. RYHA Technologies may update it from time to time, and the version published here is the one that applies.
Roles, Scope, and Subprocessors
This Data Processing Agreement applies where RYHA Technologies processes personal data on your behalf in the course of providing the service. For that personal data, you act as the data controller and RYHA Technologies acts as the data processor, processing it only on your documented instructions and only to provide and support the service, unless a law we are subject to requires otherwise. We process the categories of personal data contained in the project content you submit, for the duration of your use of the service, and on termination we delete or return it as described in our Privacy Policy and your plan. We engage trusted subprocessors only to the extent needed for their function: payment gateway providers who securely process billing, hosting providers who supply the secure cloud environment, and AI providers who power certain automated features. Each subprocessor is bound by written terms with data protection obligations no less protective than those in this agreement, and we will inform you of intended changes and give you the opportunity to object.
Security and Breach Notification
We apply appropriate technical and organizational measures to protect personal data. Personal data is encrypted at rest using AES-256 and in transit using TLS 1.3, access is restricted to authorized personnel on a need-to-know basis, customers are logically isolated from one another, and we maintain monitoring and review processes appropriate to the risk. If we become aware of a personal data breach affecting your data, we will notify you without undue delay and within 72 hours of becoming aware of it. Our notice will describe the nature of the breach, the likely consequences, and the measures taken or proposed, so that you can meet your own notification obligations.
Your Rights, Transfers, and Contact
Taking into account the nature of the processing, we will assist you with reasonable measures to respond to requests from individuals exercising their rights and to support data protection impact assessments and consultations with supervisory authorities, and we will make available the information reasonably necessary to demonstrate compliance with this agreement. Where personal data is transferred across borders, we rely on a lawful transfer mechanism, such as Standard Contractual Clauses, with appropriate safeguards. For questions about this agreement or our role as your data processor, contact our data protection team at contact@ryha.in.
