Effective Date: July 14, 2026
This Data Processing Agreement ("DPA") forms an integral part of the Terms of Service or Agreement between BACODO, a brand of 5ASystems LLC, and the Customer.
This DPA sets out the responsibilities of the parties when BACODO processes personal data on the Customer's behalf while providing services.
1. Purpose
This Agreement sets out:
- BACODO's responsibilities when processing data.
- The Customer's responsibilities.
- Security measures.
- Data processing procedures.
- The rights of the parties.
2. Roles of the Parties
Within the scope of the project:
The Customer
is the party that determines the purpose and means of processing data.
BACODO
is the party that processes data according to the Customer's instructions.
BACODO does not independently determine the purpose for which end-user data is used.
3. Scope of Data
Depending on the project, BACODO may process:
- Full name.
- Email.
- Phone number.
- Address.
- Images.
- User profiles.
- User-generated content.
- System logs.
- Transaction information.
- Files.
- Other data the Customer stores on the system.
BACODO does not proactively request or collect data beyond what is necessary to provide the service.
4. Purpose of Processing
BACODO processes data only to:
- Software development.
- System deployment.
- Testing.
- Operations.
- Troubleshooting.
- Backups.
- Data synchronization.
- Technical support.
- System maintenance.
BACODO does not use the Customer's data for advertising purposes or sell it to third parties.
5. Customer Instructions
BACODO processes data only in accordance with:
- The contract.
- The Statement of Work.
- The Proposal.
- Email.
- Tickets.
- Written communications confirmed by the Customer.
If BACODO believes a request may violate the law, BACODO reserves the right to decline to carry it out and to notify the Customer.
6. Data Security
BACODO applies reasonable security measures, including:
- Encrypting connections.
- Access control.
- Account authentication.
- Access logs.
- Backups.
- System monitoring.
- Staff access segregation.
- Incident management procedures.
Only personnel who need access are permitted to access the Customer's data.
7. Staff and Contractors
BACODO ensures that:
- Staff are trained on security.
- Contractors are bound by appropriate confidentiality obligations.
- Access rights are limited according to role.
8. Subprocessors
To provide its services, BACODO may use subprocessors such as:
- AWS
- Google Cloud
- Cloudflare
- Vercel
- Microsoft
- Stripe
- PayPal
- Firebase
- Supabase
- Zoho
- OpenAI
- Anthropic
- Gemini
BACODO selects reputable providers and applies reasonable measures to protect data.
This list may be updated according to operational needs.
9. International Data Transfers
Data may be stored or processed in different countries depending on the infrastructure and services used.
BACODO will apply appropriate measures under applicable law to protect data when international data transfers take place.
10. Data Subject Rights
If BACODO receives a request from a data subject relating to:
- Data access.
- Data correction.
- Data deletion.
- Restriction of processing.
- Data portability.
BACODO will notify the Customer to the extent permitted by law.
The Customer is responsible for deciding how to handle such requests.
11. Data Breach
If BACODO discovers an incident that may affect the Customer's data, BACODO will:
- Investigate the incident.
- Implement mitigation measures.
- Notify the Customer within a reasonable time.
- Cooperate to address the incident where necessary.
BACODO will provide appropriate information to help the Customer fulfill its related legal obligations.
12. Data Retention
BACODO retains data only for as long as necessary to:
- Provide the service.
- Maintain systems.
- Perform backups.
- Resolve disputes.
- Comply with legal obligations.
After the contract ends, BACODO may delete or anonymize data according to its internal process, unless the law requires longer retention or the parties agree otherwise.
13. Right to Audit
Within a reasonable scope and by prior agreement, the Customer may request that BACODO provide information about the security measures and data processing procedures relating to the services provided.
Any audit must not disrupt BACODO's business operations, internal security, or the information of other Customers.
14. Limitation of Liability
BACODO is responsible only for data processing activities within the scope of the services BACODO provides.
BACODO is not responsible for:
- Data the Customer has made public itself.
- Data modified by the Customer or a third party.
- Misconfiguration performed by the Customer.
- Violations arising from the Customer's misuse of the system.
- The Customer's own data-processing decisions.
15. Termination
When the service contract ends, BACODO may:
- Delete the data.
- Hand over the data to the Customer.
- Retain the data for as long as required by law.
Handing over data may incur a fee if it exceeds the agreed scope of service.
16. Governing Law
This Agreement is governed by the law of the State in which 5ASystems LLC is organized in the United States.
17. Contact
- BACODO
- A brand of 5ASystems LLC
- Privacy email: privacy@bacodo.com
- Legal email: legal@bacodo.com
- Website: https://bacodo.com
