Ektasi.
← Ektasi

Data Processing Addendum

Last Updated: June 20, 2026

1. Roles

Ektasi is the Data Controller for administrative/financial data and the Data Processor for tenant payload data. The Client is the Controller of tenant payload data.

2. Scope & Instructions

Ektasi processes tenant payload data only to provide the Platform and on the Client’s documented instructions. We do not monetize it or train shared AI models on it.

3. Security Measures

Tenant isolation via PostgreSQL RLS; AES-256-GCM at rest with per-tenant HKDF keys; edge JWT verification; append-only audit ledger; PII-scrubbed telemetry.

4. Sub-Processors

Stripe / Razorpay (billing), Vercel / AWS (compute & hosting), Resend (transactional email), Sentry (zero-PII error monitoring). Material changes are notified to Tenant Administrators.

5. International Transfers

Data may be routed/stored across regions. Enterprise clients may provision local-residency deployment zones under an MSA.

6. Sub-Processor Access & JIT

Ektasi engineers cannot read tenant payload data without an explicit, time-boxed Just-In-Time access grant, recorded immutably in the audit ledger.

7. Deletion & Return

On termination or verified request, Ektasi executes a cryptographic shred (overwriting the tenant HKDF salt), rendering ciphertext — including backups — permanently unreadable. An anonymized destruction record is retained for SOC2.

8. Audit

Enterprise clients may self-serve forensic audits of their isolated audit_logs via the Tech & Protocol Desk.

Template for reference; not legal advice.