Back to Homepage

Data Processing Agreement

This Data Processing Agreement (DPA) outlines how we process personal data on behalf of our customers in compliance with applicable data protection regulations, including the GDPR.

Last updated: March 2026

1. Roles and Responsibilities

For the purposes of this agreement:

You (the customer) act as the Data Controller — you determine the purposes and means of processing personal data

SKY acts as the Data Processor — we process personal data only on your documented instructions

We will not process personal data for any purpose other than those specified by you or required by applicable law.

2. Scope of Data Processing

We process personal data solely to provide the SKY platform services, which includes:

User authentication and account management

Storing user profile and preference information

Providing audit logs and access records

Your migration data (source files, transformation outputs, SAP extracts) is processed locally and is not transmitted to our infrastructure.

3. Data Protection Commitments

We commit to:

Process data strictly in accordance with your instructions

Ensure that persons authorized to process data are bound by confidentiality obligations

Implement appropriate technical and organizational security measures

Assist you in responding to data subject access requests

Delete or return personal data upon termination of the agreement, at your choice

4. Subprocessors

We may engage third-party subprocessors to support platform operations (e.g., cloud infrastructure, email delivery). We maintain a list of current subprocessors and will notify you before adding new ones.

All subprocessors are bound by equivalent data protection obligations.

5. Security Practices

We maintain security measures appropriate to the nature, scope, and purposes of processing, including:

Encryption of data in transit and at rest

Access controls and authentication mechanisms

Regular vulnerability assessments

Incident detection and response procedures

6. Data Breach Notification

In the event of a personal data breach, we will notify you without undue delay and no later than 72 hours after becoming aware of the breach, providing all relevant details and remediation steps.

© 2026 SKY – Smart Key Validation Insights. All rights reserved.

Built with Reflex