Data Processing Agreement (DPA)
Last updated: May 2026
This document describes the data processing framework applicable when JobTactics Ltd (JobTactics) processes personal data on behalf of a business customer (organization, agency or institution). It supplements our Terms of Service and forms the basis of the processing agreement signed with each business customer.
1. Roles of the parties
The business customer acts as the controller (or as a processor towards its own clients). JobTactics Ltd acts as a processor, processing data only on the customer's documented instructions and for the purposes strictly necessary to provide the service.
2. Subject matter, duration and nature of processing
Processing concerns the data necessary to provide the service's features (management of end-user accounts, generation of career documents, tracking). It lasts for the duration of the contractual relationship, unless a legal retention obligation applies. The categories of data and data subjects are specified in the signed agreement.
3. Processor obligations
JobTactics Ltd undertakes to:
- Process data only on the controller's documented instructions.
- Ensure that persons authorized to process the data are bound by confidentiality.
- Implement appropriate technical and organizational measures (encryption at rest and in transit, access control, logging).
- Assist the controller with data subject rights requests and impact assessments.
- Notify the controller of any data breach without undue delay and cooperate with the competent authorities.
4. Sub-processing
The customer authorizes the use of sub-processors, listed by category on our Sub-processors page. The detailed named list is provided to the signing customer under a confidentiality undertaking. Any new sub-processor is subject to reasonable prior notice allowing a reasoned objection.
5. International transfers
Data is hosted in the United States (Boston region). Transfers outside the European Economic Area are governed by appropriate mechanisms (Standard Contractual Clauses, EU-US Data Privacy Framework or equivalent safeguards), with the most demanding level of protection applied regardless of jurisdiction.
6. Security and breach notification
The technical and organizational security measures are described in our Privacy Policy and our GDPR notice. In the event of a data breach affecting data processed on behalf of the customer, JobTactics Ltd notifies the customer without undue delay.
7. Deletion and return of data
At the end of the service, and at the customer's choice, personal data is deleted or returned, unless a legal retention obligation applies. The applicable retention periods are specified in the documentation and the signed agreement.
8. Audit and compliance
JobTactics Ltd makes available to the customer the information necessary to demonstrate compliance with its obligations and allows, under reasonable and confidential conditions, audits to be carried out or existing audit reports to be provided.
9. Entering into a DPA
This document is the general framework. A full Data Processing Agreement, including the named sub-processor annex, is provided and signed before any business engagement. To obtain a copy or ask a question, contact:
Sub-processors
To provide the service, JobTactics relies on carefully selected third-party providers (sub-processors). For security and confidentiality reasons, we publish below the categories of sub-processors and their purpose, without publicly disclosing their identity. The detailed named list is provided to business customers under our Data Processing Agreement, on request and under a confidentiality undertaking.
1. Categories of sub-processors
The following categories may process personal data on our behalf, strictly within the scope of providing the service and under appropriate contractual safeguards:
| Category | Purpose | Location / transfer safeguard |
|---|---|---|
| AI model providers | Generation and analysis of content (resumes, letters, audits, mock interviews) | US / EU — appropriate contractual safeguards |
| Cloud hosting & infrastructure | Hosting of the platform, databases and file storage | US (Boston region) — EU-US Data Privacy Framework |
| Payment processor | Processing of credit purchases and billing | US / international — appropriate contractual safeguards |
| Email delivery service | Sending transactional and account emails | US / international — appropriate contractual safeguards |
| Voice processing & interview analysis | Transcription and analysis of AI interviews (when this feature is used) | US — appropriate contractual safeguards |
| Technical security data | IP geolocation for account security and fraud prevention | US / international — appropriate contractual safeguards |
2. Applicable safeguards
Each sub-processor is bound by contractual confidentiality and security obligations at least equivalent to ours. International data transfers are governed by appropriate mechanisms (Standard Contractual Clauses, EU-US Data Privacy Framework or equivalent safeguards), as described in our Privacy Policy and our GDPR notice.
3. Change notification
We may update our list of sub-processors. Business customers bound by a Data Processing Agreement are notified of any addition or replacement with reasonable prior notice, allowing them to raise a reasoned objection in accordance with the terms of that agreement.
4. Contact
To obtain the detailed named list of sub-processors (business customers, under a confidentiality undertaking) or for any question, contact our Data Protection Officer:
B2B, Reseller & Institution Agreement
This agreement governs the use of JobTactics by partner organizations — recruitment agencies, consulting firms and higher-education institutions — including white-label deployments. It supplements our Terms of Service and our Data Processing Agreement.
1. Organization types
The service is offered to organizations of the "agency" type (resale to end clients) and the "institution" type (provision to higher-education learners). No other type is supported. End users must be adults (18 or older).
2. License and scope
The organization is granted a non-exclusive, non-transferable license to use the service, for the duration and scope defined in its contract. White-label, where enabled, transfers no intellectual property rights in the underlying platform.
3. Organization responsibilities
The organization undertakes to:
- Grant access only to adult and eligible end users.
- Have an appropriate legal basis for the end-user data it processes.
- Comply with and enforce the terms of service and the acceptable AI use policy.
- Handle the commercial relationship and first-level support towards its own clients or learners.
4. Resale and pricing (agencies)
Agencies may resell access to their end clients, freely setting their own pricing. JobTactics takes no commission on these sales; billing to the agency covers the license and credits acquired at partner rates, subject to our Refund Policy.
5. Sub-processing and data
For end-user data processed via the platform, JobTactics acts as a processor of the organization, under the Data Processing Agreement. Cascading sub-processing may apply where the organization is itself a processor of its clients.
6. White-label and transparency
When the service is deployed under the organization's brand, the organization remains responsible for informing its end users of the processing of their data and of the involvement of a technical provider, in accordance with its transparency obligations.
7. Liability
Each party is liable for its own breaches. JobTactics Ltd provides the platform and infrastructure; the organization is liable for how it uses them, its relationship with its end clients and compliance with its legal obligations. The limitations of liability in our Terms of Service apply, subject to the specific provisions of the signed contract.
8. Term, commitment and termination
The term, any minimum commitment and the termination conditions are defined in the organization's contract. Abusive, fraudulent or non-compliant use may result in suspension or termination, under the conditions set out in our Terms of Service.
9. Contact
For any question about this agreement or to enter into a partnership, contact our team:
Service Level Agreement (SLA)
This document describes the service level commitments applicable to JobTactics business customers. The precise contractual commitments (quantified targets, service credits) are defined in the contract signed with each organization and supplement these guidelines and our Terms of Service.
1. Scope
This SLA applies to business organizations (agencies and institutions) with an active contract. Free or self-service individual accounts are provided "as is", with no service level commitment.
2. Availability
We aim for high service availability on a monthly basis, excluding planned maintenance windows and force majeure events. The quantified availability target, the calculation method and any service credits are specified in the organization's contract.
3. Planned maintenance
Maintenance operations likely to affect availability are, where possible:
- Scheduled outside peak hours.
- Announced in advance to organization administrators with reasonable prior notice.
- Excluded from the availability calculation when notified within the agreed timeframes.
4. Support
Business support is available electronically. Target first-response times are tiered according to incident criticality (for example: service unavailable, major degradation, standard request) and specified in the organization's contract.
5. Exclusions
Excluded from the commitments are: outages attributable to the customer or its configurations, third-party services beyond our control, force majeure events, uses contrary to the terms, and duly notified planned maintenance periods.
6. Security and continuity
The security, backup and incident response measures underpinning these commitments are described in our security and breach notification policy.
7. Contact
For any question about the service level or to report an incident, contact our support: