Data Processing Agreement

1. Purpose

This Data Processing Agreement describes the general data processing terms that may apply when TaxPilotra processes client-provided data in connection with automated tax system services, tax calculation module development, rule engine design, API integration, technical consulting, implementation support, and related services.

This agreement is intended to support responsible handling of business and project data. If a separate signed data processing agreement exists between the parties, that signed agreement controls over this general page.

2. Roles of the Parties

The client determines the business purpose, source, accuracy, and legal basis for the data provided to TaxPilotra. TaxPilotra processes project data only as reasonably necessary to provide the requested services, prepare deliverables, troubleshoot technical issues, support implementation, and maintain business records.

Depending on the project, the client may act as the controller or business owner of the data, and TaxPilotra may act as a processor, service provider, contractor, or technical service provider.

3. Categories of Data

Project data may include business contact information, transaction samples, product categories, customer categories, jurisdiction data, exemption indicators, tax workflow descriptions, API schemas, system documentation, technical logs, configuration data, and other business information needed to design or support automation workflows.

Clients should not provide unnecessary sensitive information. Where possible, clients should use masked, anonymized, synthetic, or non-production data.

4. Processing Instructions

TaxPilotra processes data based on client instructions, project requirements, accepted scopes, service communications, and technical needs related to the requested services. TaxPilotra will not use client-provided project data for unrelated purposes unless permitted by law or authorized by the client.

5. Confidentiality

TaxPilotra will treat client project data as confidential and will use reasonable measures to prevent unauthorized disclosure. Personnel or service providers with access to project data should access it only where needed for the project or business operations.

6. Security Measures

TaxPilotra uses commercially reasonable administrative, technical, and organizational measures designed to protect project data. These measures may include access limitation, data minimization, credential care, controlled project access, secure storage practices, and internal handling procedures.

Security responsibilities are shared. The client remains responsible for its own systems, user accounts, access permissions, data quality, internal controls, and secure transmission of project materials.

7. Subprocessors and Service Providers

TaxPilotra may use service providers to support hosting, storage, communication, analytics, project management, development operations, security, payment processing, or other business functions. TaxPilotra will use service providers in a manner reasonably consistent with the services being provided.

8. Client Obligations

The client is responsible for ensuring that it has the necessary rights, permissions, consents, notices, legal bases, and authority to provide data to TaxPilotra. The client is also responsible for determining whether data is subject to special legal, contractual, or regulatory restrictions.

9. Data Subject Requests

If TaxPilotra receives a request relating to personal data that appears to belong to a client project, TaxPilotra may direct the requester to the client or provide reasonable assistance where required and technically feasible. The client remains responsible for responding to data subject requests where the client controls the data.

10. Data Return and Deletion

Upon reasonable request and subject to legal, accounting, security, contractual, and operational retention requirements, TaxPilotra may return, delete, archive, or anonymize project data. Some records may be retained where necessary for invoices, dispute resolution, legal compliance, business records, security logs, or proof of services performed.

11. International Transfers

Project data may be stored or processed in locations where TaxPilotra, its service providers, or authorized systems operate. The client is responsible for notifying TaxPilotra in writing if specific transfer restrictions apply to project data.

12. Security Incidents

If TaxPilotra becomes aware of a confirmed security incident involving client project data, TaxPilotra will take reasonable steps to investigate, contain, and communicate the incident where required. Notification timing and content may depend on the nature of the incident, available information, legal requirements, and law enforcement considerations.

13. Limitation

TaxPilotra is not responsible for data issues caused by client-side system failures, unauthorized client users, insecure client credentials, inaccurate data, third-party services, client instructions, or transmission methods selected by the client.