Legal
Data Processing Agreement
Effective: May 21, 2026 · Codebyte Ltd., Israel
This Data Processing Agreement ("DPA") forms part of the agreement between Codebyte Ltd. ("Processor") and the customer ("Controller") and governs the processing of personal data by Asistry on behalf of the Controller, in accordance with Article 28 of the GDPR and applicable data protection law.
1. Definitions
- Controller: the legal entity that determines the purposes and means of processing personal data.
- Processor: Codebyte Ltd., which processes personal data on behalf of the Controller.
- Personal Data: any information relating to an identified or identifiable natural person.
- Processing: any operation performed on personal data.
- Sub-processor: a third party engaged by the Processor to process personal data on behalf of the Controller.
2. Subject matter and duration
The Processor shall process personal data as necessary to provide the Service described in the Terms of Service, for the duration of the agreement between the parties, and thereafter as required by law.
3. Nature and purpose of processing
The Processor processes personal data for the following purposes:
- Authenticating and managing user accounts
- Storing and retrieving task, project, and note data created by the Controller
- Executing integrations with third-party services at the Controller's direction
- Delivering AI agent actions instructed by the Controller
- Providing support and operating the Service
4. Types of personal data and data subjects
| Category | Data subjects |
|---|---|
| Account identifiers (email, name) | Controller's users |
| Content (tasks, notes, agent outputs) | Controller's users |
| Third-party OAuth tokens | Controller's users |
| Technical/usage logs | Controller's users |
5. Controller obligations
The Controller represents and warrants that:
- It has a lawful basis for processing the personal data it provides to the Processor
- It has provided all required notices to data subjects
- It will not instruct the Processor to process personal data in a manner that violates applicable law
6. Processor obligations
The Processor agrees to:
- Process personal data only on documented instructions from the Controller
- Ensure that persons authorised to process personal data are bound by appropriate confidentiality obligations
- Implement and maintain appropriate technical and organisational security measures (Article 32 GDPR)
- Assist the Controller in fulfilling data subject rights requests within a reasonable timeframe
- Notify the Controller without undue delay (and within 72 hours where feasible) upon becoming aware of a personal data breach
- Delete or return all personal data upon termination of the agreement, at the Controller's choice
- Make available all information necessary to demonstrate compliance with this DPA
7. Sub-processors
The Controller authorises the Processor to use the following sub-processors:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase Inc. | Database and authentication | EU (AWS eu-central-1) |
| Vercel Inc. | Application hosting | EU / global edge |
The Processor will notify the Controller of any intended changes to sub-processors by updating this page with at least 14 days' notice. The Controller may object to new sub-processors within that period by emailing legal@asistry.com.
8. International transfers
Personal data may be transferred outside the EEA as necessary to deliver the Service. All such transfers are subject to appropriate safeguards including Standard Contractual Clauses as required by GDPR Chapter V.
9. Security
The Processor implements technical and organisational measures including: encryption at rest (AES-256 via pgcrypto) and in transit (TLS 1.2+), row-level security on all database tables, rate limiting on API endpoints, regular security audits, and access controls with principle of least privilege.
10. Governing law
This DPA is governed by Israeli law. For EU/EEA Controllers, the Standard Contractual Clauses (Commission Decision 2021/914) are incorporated by reference.
11. Contact
Codebyte Ltd., Israel
legal@asistry.com