1. Introduction
This Data Processing Agreement ("DPA") forms part of the Master Service Agreement or Terms of Service ("Agreement") between Tyralix ("Tyralix", "we", "us", "Processor") and the customer ("Customer", "you", "Controller").
This DPA is designed to ensure that your use of Tyralix plugins (including but not limited to QuickBooks Sync Pro, B2B Portal Suite, and Post Purchase Survey) complies with applicable data protection laws, including the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Definitions
For the purposes of this DPA, the following definitions apply:
- "Controller" means the entity which determines the purposes and means of the processing of Personal Data (you, the Customer).
- "Processor" means the entity which processes Personal Data on behalf of the Controller (Tyralix).
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Data Subject" means the identified or identifiable natural person to whom the Personal Data relates (your store customers).
3. Details of Processing
3.1 Subject Matter
The subject matter of the processing is the Personal Data provided by the Controller to the Processor in connection with the use of Tyralix plugins for WooCommerce.
3.2 Nature and Purpose
We process data to provide plugin functionality, including:
- Syncing order data to third-party accounting platforms (e.g., QuickBooks).
- Managing B2B user roles and pricing tiers.
- Collecting post-purchase feedback.
- Analyzing store performance metrics.
3.3 Categories of Data Subjects
The Personal Data transferred concerns the following categories of Data Subjects:
- Your customers (end-users of your WooCommerce store).
- Your employees or administrators using the Tyralix dashboard.
3.4 Types of Personal Data
The Personal Data transferred concerns the following categories of data:
- Contact Information (Name, email address, phone number, billing/shipping address).
- Order Information (Products purchased, transaction value, payment method).
- Technical Data (IP address, browser type, device information via Resource Spy).
4. Security Measures
Tyralix implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption: All data transmitted between your WordPress site and our API servers (for license validation or syncing) is encrypted using TLS 1.2 or higher.
- Access Control: Access to personal data is restricted to authorized personnel who have a legitimate business need.
- Minimization: Our plugins are designed to process data locally on your server whenever possible (e.g., Error Humanizer, Resource Spy) to minimize external data transfer.
- Regular Audits: We conduct regular security audits of our codebases and infrastructure.
5. Sub-processors
You authorize Tyralix to engage the following sub-processors to assist in providing our services. We maintain written agreements with these sub-processors ensuring they provide at least the same level of data protection as set out in this DPA.
| Sub-processor | Purpose | Location |
|---|---|---|
| Stripe | Payment Processing | USA |
| Freemius | License Management & Updates | USA/Global |
| HelpScout | Customer Support Ticketing | USA |
| Amazon Web Services (AWS) | Cloud Infrastructure | USA |
| Google Analytics | Website Analytics (Anonymized) | USA |
6. Data Subject Rights
Tyralix shall, to the extent legally permitted, promptly notify you if we receive a request from a Data Subject to exercise their rights (e.g., right of access, right to erasure). Given that most data resides in your WordPress database, you are primarily responsible for responding to such requests. We will provide reasonable assistance to help you fulfill these obligations.
7. Data Breach Notification
In the event of a Personal Data Breach affecting your data, Tyralix will notify you without undue delay after becoming aware of the breach. This notification will include details of the breach, the likely consequences, and measures taken to mitigate the risk.
8. Term & Termination
This DPA remains in effect as long as you have an active license or subscription with Tyralix. Upon termination of your account, you may request the deletion of your data stored on our license management servers. Data stored locally on your WordPress site is under your sole control.