Data Processing Agreement
Effective: February 1, 2026 | Last Updated: February 1, 2026
APPLICABILITY NOTICE: This Data Processing Agreement ("DPA") applies to business customers who use Bluetick services and where Bluetick processes personal data on behalf of the customer. Individual consumers should refer to our Privacy Policy.
This Data Processing Agreement ("DPA") forms part of the Master Service Agreement or Terms of Service ("Agreement") between Bluetick Network LLP ("Data Processor," "Bluetick," "we," "us") and the customer ("Data Controller," "Customer," "you") using our services.
1. Definitions
Capitalized terms used but not defined in this DPA will have the meanings set forth in the Agreement.
Personal DataAny information relating to an identified or identifiable natural person as defined under applicable data protection laws.
ProcessingAny operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.
Data ControllerThe entity that determines the purposes and means of processing Personal Data (the Customer).
Data ProcessorThe entity that processes Personal Data on behalf of the Data Controller (Bluetick).
Sub-processorA third party engaged by Bluetick to process Personal Data on behalf of the Customer.
Data SubjectAn individual whose Personal Data is processed.
Applicable LawsGDPR, CCPA, India DPDP Act, and any other applicable data protection regulations.
2. Scope of Processing
The details of the processing operations, including categories of personal data, categories of data subjects, and duration of processing are defined below.
2.1 Subject Matter
This DPA governs the processing of Personal Data by Bluetick when providing digital business card and networking services to the Customer.
2.2 Categories of Personal Data
- •Contact information (name, email, phone)
- •Professional information (job title, company)
- •Profile photos and images
- •Business card scan data
- •Connection and networking data
- •Usage and analytics data
- •Payment information (processed by third parties)
- •Device and technical identifiers
2.3 Categories of Data Subjects
- • Customer employees and team members
- • Contacts and connections of the Customer's users
- • Individuals who interact with the Customer's digital business cards
2.4 Duration of Processing
Processing will continue for the duration of the Agreement and until all Personal Data is deleted or returned in accordance with this DPA.
3. Customer Obligations
As the Data Controller, you represent and warrant that you have all necessary rights, licenses, and consents to share Personal Data with us.
Your Responsibilities
- •Ensuring you have lawful basis to collect and share Personal Data with Bluetick
- •Providing appropriate notices to Data Subjects about data processing
- •Obtaining necessary consents where required by law
- •Ensuring accuracy and completeness of Personal Data provided
- •Responding to Data Subject requests and exercising their rights
- •Complying with all applicable data protection laws
- •Notifying Bluetick of any changes affecting data processing
4. Bluetick's Obligations
As the Data Processor, we will comply with the following commitments during the term of our Agreement.
4.1 Processing Instructions
We will process Personal Data only on your documented instructions, unless required by law to do otherwise.
4.2 Confidentiality
We ensure that persons authorized to process Personal Data have committed to confidentiality or are under an appropriate statutory obligation of confidentiality.
4.3 Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
4.4 Sub-processing
We will not engage another processor without your prior written authorization. We maintain a list of authorized sub-processors.
4.5 Assistance
We assist you in responding to Data Subject requests and ensuring compliance with obligations under data protection laws.
4.6 Deletion/Return
Upon termination, we will delete or return all Personal Data at your choice, unless legal requirements mandate retention.
4.7 Audit Rights
We make available all information necessary to demonstrate compliance and allow for audits by you or an auditor mandated by you.
5. Security Measures
We implement industry-standard physical, administrative, and technical controls to safeguard Personal Data.
Encryption
- •AES-256 encryption at rest
- •TLS 1.3 in transit
- •End-to-end encryption for sensitive data
Access Control
- •Role-based access control
- •Multi-factor authentication
- •Regular access reviews
Infrastructure
- •SOC 2 compliant hosting
- •Geographic redundancy
- •DDoS protection
Monitoring
- •24/7 security monitoring
- •Intrusion detection systems
- •Regular vulnerability scans
Personnel
- •Background checks
- •Security training
- •Confidentiality agreements
Incident Response
- •Documented response plan
- •Regular drills
- •72-hour notification
6. Sub-processors
To support service delivery, Bluetick engages the following third-party infrastructure and service providers:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase Inc. | Database and authentication | USA (Mumbai region) |
| Cloudinary Ltd. | Media storage and processing | USA/EU |
| Razorpay Software Pvt. Ltd. | Payment processing | India |
| Google LLC (Firebase) | Analytics and notifications | USA |
| Digital Ocean, Inc. | Web hosting | USA (BLR region) |
| Vercel Inc. | Edge hosting | Global CDN |
You may subscribe to updates regarding new sub-processors by emailing [email protected]. We will notify you of any new sub-processors at least 30 days before engagement.
7. International Data Transfers
Where Personal Data is transferred outside of India, the EEA, UK, or Switzerland, we ensure appropriate safeguards through:
•Standard Contractual Clauses (SCCs) approved by the European Commission
•Binding Corporate Rules where applicable
•Adequacy decisions for transfers to recognized countries
•Supplementary measures as required by regulatory authorities
8. Data Subject Requests
We will promptly notify you if we receive a request from a Data Subject regarding their Personal Data, unless prohibited by law. We will assist you in responding to requests, including:
- Right of access and rectification
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object to processing
9. Data Breach Notification
In the event of a Personal Data breach, we will:
1Notify you without undue delay, and in any event within 72 hours of becoming aware.
2Provide all information reasonably required for you to meet regulatory notification obligations.
3Cooperate and assist in the investigation, mitigation, and remediation of the breach.
10. Audits and Certifications
10.1 Bluetick maintains industry-standard certifications and undergoes regular security assessments.
10.2 Upon reasonable request and subject to confidentiality obligations, we will provide audit reports, certifications, and attestations demonstrating compliance.
10.3 You may conduct an audit (or appoint a third-party auditor) with 30 days written notice, at your expense, during normal business hours, and subject to reasonable confidentiality requirements.
11. Term and Termination
11.1 Term: This DPA remains in effect for the duration of the Agreement between you and Bluetick.
11.2 Data Return/Deletion: Upon termination, we will, at your election, return or delete all Personal Data within 30 days, unless retention is required by applicable law.
11.3 Survival: Obligations that by their nature should survive termination (including confidentiality and data protection) will remain in effect.
12. Contact & Execution
For DPA-related inquiries, execution of this agreement, or to request a signed copy:
Data Protection Officer
Bluetick Network LLP
138 Atlanta Mall, Motavaracha
Surat - 394101
India
Contact Details
Email: [email protected]
Phone: +91 94286 32907
To execute this DPA, contact us at [email protected] with your company details. A countersigned copy will be provided within 5 business days.