Tyslo

Data Processing Addendum (DPA)

Effective as of the date of posting
This Data Processing Addendum (“DPA”) forms part of the Terms of Service and Privacy Policy of EasySell, operated by Tyslo FZE–LLC, Sharjah, United Arab Emirates (“Tyslo,” “we,” “us”). It applies when we process personal data on behalf of you, the Merchant (“Controller,” “Business”). By installing or using EasySell, you agree to this DPA.

1. Roles & Scope

  • You are the Controller/Business of Customer Data.
  • Tyslo is the Processor/Service Provider, processing Customer Data only to provide the EasySell app and related services.
  • “Customer Data” means personal data of your end-customers or store visitors submitted to or collected via EasySell.
  • Tyslo will only process Customer Data according to your documented instructions, our Terms, this DPA, and as required by law.

2. Processing Details

We process Customer Data as necessary to:

  • Provide and improve EasySell features (order forms, COD orders, integrations, SMS if enabled).
  • Sync with Shopify data under your authorized scopes.
  • Detect fraud, ensure security, and provide support.
  • Comply with applicable law.

We do not sell or share Customer Data. We do not combine it with other data except as permitted by law to perform the Services, detect security issues, or comply with obligations.

3. Security Measures

We maintain technical and organizational measures (TOMs) to protect Customer Data, including:

  • Encryption of data in transit.
  • Access controls, least-privilege policies, and staff confidentiality agreements.
  • Secure infrastructure with firewalls, monitoring, and vulnerability management.
  • Regular backups with limited retention.
  • Incident response and breach notification procedures.
  • Privacy by design and default.

4. Sub-processors

To deliver the Services, we may use trusted third parties (“Sub-processors”), such as:

  • Hosting and infrastructure providers.
  • SMS gateways (if SMS features enabled).
  • Email and support communication tools.
  • Analytics and diagnostics providers.
  • Google (for Sheets integration, if enabled).
  • Shopify APIs (accessed under your authorized scopes).

We remain responsible for our Sub-processors. We will provide notice of new Sub-processors and give you the chance to object if you have reasonable grounds.

5. Assistance & Data Rights

  • We will assist you in responding to data subject requests (access, deletion, correction, portability) as required by law.
  • If we receive a request directly, we will forward it to you unless legally prohibited.
  • We will also provide reasonable support for data protection impact assessments (DPIAs) where related to EasySell.

6. Breach Notification

If we become aware of a confirmed personal data breach in our systems affecting Customer Data, we will notify you without undue delay and provide information to help you meet your legal obligations.

7. International Data Transfers

  • If Customer Data is transferred outside your region (e.g., to UAE, US, or other locations), we will apply appropriate safeguards such as the EU Standard Contractual Clauses (SCCs), the UK Addendum, and the Swiss Addendum.
  • For US merchants, we act as a Service Provider under CPRA/CCPA: we do not sell or share Customer Data, and we use it only to provide the Services.

8. Retention & Deletion

  • Upon uninstall, Merchant-related account data is deleted from primary systems within 48 hours.
  • Logs/diagnostics are retained for up to 30 days for backup/business continuity, then deleted or de-identified.
  • COD order data is not stored beyond what is needed to generate and transmit the order.
  • Merchants may request a copy of their Merchant Account Data before deletion. Customer Data is not stored and cannot be exported.

9. Government Requests

If we receive a legally binding request from a public authority, we will (unless prohibited by law) notify you, challenge unlawful or overbroad requests, and disclose only the minimum data required.

10. Liability & Precedence

This DPA is subject to the limitations of liability set out in our Terms of Service. If there is a conflict between this DPA and other agreements, this DPA prevails where Customer Data is concerned.

11. Governing Law

  • For EU SCCs: Irish law governs, with Irish courts having jurisdiction.
  • For CPRA/CCPA: California law applies to those provisions.
  • For all other matters: UAE law governs.

12. Acceptance

By installing or using EasySell, you agree to this Data Processing Addendum.

Contact:
Tyslo FZE–LLC (EasySell)
Email: [email protected]