TrueNorth
Sign in

Data Processing Addendum (DPA)

Last updated: June 18, 2026

This DPA applies where True Tech Professionals Private Limited (“Processor”) processes personal data on behalf of a customer (“Controller”) through the TrueNorth products. It forms part of the agreement between the parties. To execute a signed copy, contact privacy@truetechpro.io.

1. Roles & definitions

Terms such as “controller”, “processor”, “personal data”, “processing”, and “data subject” have the meanings given under applicable data protection law (including the EU/UK GDPR and India's DPDP Act 2023, where the Controller is the “Data Fiduciary” and Processor the “Data Processor”). The Controller determines purposes and means; the Processor processes on the Controller's documented instructions.

2. Scope & purpose

The Processor processes personal data only to provide the TrueNorth products (applicant tracking, contractor, vendor, and HR management) and as instructed by the Controller, for the duration of the agreement.

3. Processor obligations

  • Process personal data only on the Controller's documented instructions.
  • Ensure personnel are bound by confidentiality.
  • Implement appropriate technical and organizational security measures (see our Security page: field-level encryption of sensitive identifiers, role-based access control, access logging, encryption in transit, backups).
  • Assist the Controller in responding to data-subject requests.
  • Notify the Controller without undue delay after becoming aware of a personal-data breach.
  • Delete or return personal data at the end of the agreement, subject to legal retention requirements.

4. Sub-processors

The Controller authorizes the use of sub-processors. Current sub-processors include Railway (hosting & database), AWS (document storage), Google Cloud (AI parsing/matching), Resend (email), and Sentry (error monitoring). We will inform the Controller of intended changes and give an opportunity to object.

5. International transfers

Where personal data is transferred across borders, the parties will rely on appropriate safeguards (such as standard contractual clauses) as required by applicable law. TrueNorth offers US and India data residency options.

6. Audits

The Processor will make available information reasonably necessary to demonstrate compliance and allow for audits, subject to reasonable confidentiality and notice.

7. Liability & precedence

This DPA is subject to the liability provisions of the main agreement. Where this DPA conflicts with the main agreement on data protection, this DPA prevails.

Contact

privacy@truetechpro.io.