This policy is being finalised and will be published before TatvaCRM's commercial launch. The section headings below indicate the topics that will be covered.
1.Definitions and Scope
This section will define key terms including Data Controller, Data Processor, Personal Data, Processing, Sub-processor, and describe the scope of this addendum in relation to the main service agreement.
2.Processing Instructions
This section will detail how TatvaCRM processes data only on documented instructions from the controller, the nature and purpose of processing, types of personal data processed, and categories of data subjects.
3.Sub-processors
This section will list authorised sub-processors, the process for adding or changing sub-processors (including 30-day advance notice), and the controller's right to object to new sub-processors.
4.Security Measures
This section will describe technical and organisational security measures including encryption at rest and in transit, schema-per-tenant isolation, access controls, incident response procedures, and regular security assessments.
5.Data Deletion and Return
This section will detail the process for returning or deleting data upon termination or expiry of the agreement, including the 30-day retention window and permanent deletion of backups.
For questions about this policy, email support@tatvacrm.com.