Legal

Data Processing Addendum

How kailenty processes Customer Data on your behalf, the sub-processors we rely on, and the safeguards we apply.

Last updated 24 June 2026

1. Roles

For personal data contained in Customer Data, kailenty (Digital David AG) acts as the processor and you, the customer, are the controller. This addendum supplements our Terms of Service and applies wherever we process personal data on your behalf.

2. Scope and purpose

We process Customer Data only to provide the scheduling, calendar, team-routing, automation, and related features described in our documentation, and for no other purpose, except where required by law.

3. Sub-processors

We use the following sub-processors to deliver the service:

  • Cloudflare, Inc. — hosting and infrastructure (edge compute, the D1 database, object storage, and queues), with EU data residency for scheduling data.
  • Microsoft Corporation / Microsoft Ireland Operations Ltd. — identity (Microsoft Entra ID) and calendar, mailbox, and Teams data accessed through the Microsoft Graph API at your direction.
  • OpenAI — generative AI features, such as drafting invites from pasted text.
  • Payment provider — payment processing for paid plans, where applicable.

We will give reasonable notice of any intended change to this list so you can object on reasonable grounds.

4. Security measures

We maintain technical and organisational measures appropriate to the risk, including:

  • Role-based access control enforced through JWT-based authentication and roles.
  • Per-workspace (tenant-scoped) data isolation.
  • Encryption of data in transit and at rest through our infrastructure providers.
  • Least-privilege access to production systems.

5. International transfers

Where a sub-processor processes personal data outside the European Economic Area (for example, OpenAI in the United States), we rely on appropriate safeguards such as the EU Standard Contractual Clauses, supplemented by additional measures where required.

6. Data subject requests

Taking into account the nature of the processing, we will assist you with appropriate technical and organisational measures in responding to requests from data subjects exercising their rights under the GDPR.

7. Breach notification

We will notify you without undue delay after becoming aware of a personal data breach affecting Customer Data, and provide the information you reasonably need to meet your own notification obligations.

8. Deletion and return

Upon termination, we will delete or return Customer Data in accordance with your instructions and your plan’s retention settings, subject to applicable legal retention requirements.

9. Contact

For DPA or sub-processor enquiries, contact privacy@kailenty.com.

More legal

kailenty