Data Processing Agreement
This Data Processing Agreement ("DPA") forms part of the agreement between you ("Customer", the data controller) and Tailwise, operated by Marinus Klasen ("Tailwise", "we", the data processor), and governs the processing of personal data that may be contained in the server logs you choose to send to Tailwise. It reflects the requirements of Article 28 GDPR.
1. Roles & scope
You are the controller and determine which log files are sent. Tailwise is the processor and acts only on your instructions, as set out in this DPA and the use of the service.
2. Nature & purpose of processing
Tailwise receives the log lines you select, stores recent lines on a rolling basis, scans them to detect errors, warnings and resource issues, and notifies you by email. Processing lasts for the duration of your subscription.
3. Types of personal data & data subjects
Logs you send may contain personal data such as IP addresses, email addresses, usernames or user IDs, and request URLs (entirely determined by the files you choose). Data subjects may include your website's visitors, users and staff. You agree not to send logs containing special-category data, and to exclude files holding secrets or sensitive customer data.
4. Our obligations
- Process personal data only on your documented instructions.
- Keep the data confidential and limit access to those who need it.
- Apply appropriate technical and organisational measures: encryption in transit (HTTPS/TLS), access controls, and EU-based hosting.
- Assist you, where reasonably possible, with data subject requests and your security obligations.
- Notify you without undue delay after becoming aware of a personal data breach affecting your data.
- Delete or return your data on termination, and on your request.
- Make available information needed to demonstrate compliance.
5. Sub-processors
You authorise Tailwise to engage the following sub-processors. We will give notice of changes and you may object on reasonable data-protection grounds.
| Sub-processor | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Server hosting & storage | Germany (EU) |
| Sinch (Mailgun) | Transactional alert email | EU region |
| Stripe, Inc. | Payment & subscription billing (billing data only, not your logs) | US (SCCs apply) |
6. International transfers
Your log data is processed entirely within the EU (hosting in Germany, alert email in the EU region). The only sub-processor outside the EEA is Stripe, which processes billing data (your name, email and payment details, not your logs) under the EU Standard Contractual Clauses. DNS is provided by Cloudflare, which resolves the domain only and does not process the data in your logs.
7. Retention & deletion
Log lines are kept on a rolling basis and overwritten as new data arrives. On termination of your subscription, or on your request, your stored logs and detected issues are deleted.
8. Acceptance
By placing an order for Tailwise you accept this DPA on behalf of your organisation. The version and date accepted are recorded with your order.
9. Contact
Questions about this DPA or your data: marinus@mklasen.com.