Data Processing Agreement
This Data Processing Agreement ("DPA") forms part of the agreement for Trackless Telemetry services (the "Agreement") between:
Data Controller:
The entity identified as the customer in the Agreement ("Customer," "Controller," or "you")
Data Processor:
Camp Four Software LLC ("Trackless," "Processor," "we," or "us")
Contact: legal@tracklesstelemetry.com
Each a "Party" and together the "Parties."
1. Definitions
1.1 "Applicable Data Protection Law" means all laws and regulations relating to the processing of Personal Data that apply to the performance of this DPA, including but not limited to: (a) the General Data Protection Regulation (EU) 2016/679 ("GDPR"); (b) the UK General Data Protection Regulation and Data Protection Act 2018 ("UK GDPR"); (c) the Swiss Federal Act on Data Protection ("FADP"); (d) the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"); and (e) any other applicable data protection or privacy law.
1.2 "Customer Personal Data" means any Personal Data processed by the Processor on behalf of the Controller in connection with the Agreement.
1.3 "Dashboard Account Data" means Personal Data provided by the Customer to create and maintain an account on the Trackless Telemetry dashboard, including email address, hashed password (managed by AWS Cognito), application names, API key metadata, and session data.
1.4 "Data Protection Impact Assessment" or "DPIA" has the meaning given in Article 35 of the GDPR.
1.5 "Data Subject" means an identified or identifiable natural person to whom Customer Personal Data relates.
1.6 "EEA" means the European Economic Area.
1.7 "Personal Data" has the meaning given in Article 4(1) of the GDPR, and includes "personal information" as defined under CCPA/CPRA where applicable.
1.8 "Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data.
1.9 "Processing" has the meaning given in Article 4(2) of the GDPR, and "process," "processes," and "processed" shall be interpreted accordingly.
1.10 "Standard Contractual Clauses" or "SCCs" means the standard contractual clauses for the transfer of personal data to processors established in third countries, as set out in the European Commission Implementing Decision (EU) 2021/914.
1.11 "Sub-Processor" means any third party appointed by the Processor to process Customer Personal Data on behalf of the Controller.
1.12 "Supervisory Authority" means an independent public authority established by an EU or EEA Member State pursuant to Article 51 of the GDPR, or the UK Information Commissioner's Office for UK GDPR purposes.
1.13 "Telemetry Data" means the aggregate event counts and coarse device context dimensions processed through the Trackless Telemetry SDKs and ingest endpoint. By design, Telemetry Data consists exclusively of pre-aggregated counts and does not contain persistent identifiers, IP addresses, fingerprinting data, or any information that can identify or be linked to an individual Data Subject.
2. Scope and Applicability
2.1 Applicability. This DPA applies to all Processing of Customer Personal Data by the Processor in connection with the provision of the Trackless Telemetry service. This DPA is available to all Customers regardless of subscription tier.
2.2 Categories of Data. This DPA governs the processing of two categories of data:
(a) Dashboard Account Data -- Personal Data of the Customer (as a dashboard user) processed for account management and service delivery; and
(b) Telemetry Data -- aggregate event counts and coarse device context collected from end users of the Customer's applications via the Trackless SDKs.
2.3 Nature of Telemetry Data. The Parties acknowledge that the Trackless Telemetry platform is architecturally designed so that Telemetry Data consists solely of pre-aggregated counts with no persistent identifiers, no IP address processing, no fingerprinting data, and no capability for cross-session linking. To the extent that Telemetry Data does not constitute Personal Data under Applicable Data Protection Law (consistent with GDPR Recital 26 and Article 11), the obligations in this DPA relating to Personal Data processing do not apply to such data. However, to the extent any element of Telemetry Data could constitute Personal Data in a given context, this DPA shall apply.
2.4 Precedence. In the event of any conflict between this DPA and the Agreement, this DPA shall prevail with respect to the Processing of Customer Personal Data. The details of the Processing are set out in Annex I (Processing Details).
3. Roles and Responsibilities
3.1 Controller and Processor. With respect to Dashboard Account Data, Camp Four Software is the Controller. With respect to Telemetry Data, the Customer is the Controller and Camp Four Software is the Processor.
3.2 Joint Controllership Consideration. The Parties acknowledge that, pursuant to EDPB Guidelines 07/2020 on the concepts of controller and processor, the Processor's determination of certain essential means of Telemetry Data processing -- including the aggregation architecture, dimension constraints (platform, OS major version, device class, coarse locale), cardinality budget enforcement, and retention periods -- may give rise to elements of joint controllership under Article 26 of the GDPR.
3.3 Delineation of Responsibilities. Regardless of the characterization of the Parties' relationship:
(a) The Customer is responsible for: (i) determining the purposes of collecting Telemetry Data from its end users; (ii) ensuring a valid legal basis for the collection of data via the SDKs (e.g., legitimate interest under Article 6(1)(f) GDPR); (iii) providing appropriate transparency to its end users (e.g., in its own privacy policy); (iv) not encoding personal identifiers into event names or otherwise circumventing the platform's privacy-by-design architecture; and (v) responding to Data Subject requests from its end users, with Trackless's assistance as described in Section 9.
(b) Camp Four Software (Trackless) is responsible for: (i) operating the platform in accordance with the privacy invariants set forth in Section 6.3; (ii) maintaining the aggregate-only data architecture; (iii) enforcing cardinality budgets and dimension constraints to prevent re-identification; (iv) processing Dashboard Account Data in accordance with this DPA; and (v) assisting the Customer with its obligations under Applicable Data Protection Law as described herein.
4. Processing Instructions
4.1 Controller Instructions. The Processor shall process Customer Personal Data only on documented instructions from the Controller, including with respect to transfers of Personal Data to a third country, unless required to do so by European Union or Member State law to which the Processor is subject. In such case, the Processor shall inform the Controller of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest.
4.2 Documented Instructions. The Agreement, this DPA (including its Annexes), and the Customer's use and configuration of the Trackless Telemetry service (including SDK integration, application and API key configuration, and retention settings) constitute the Controller's complete and final documented instructions to the Processor regarding the Processing of Customer Personal Data.
4.3 Additional Instructions. If the Controller issues additional instructions that, in the Processor's reasonable opinion, exceed the scope of the Agreement or would infringe Applicable Data Protection Law, the Processor shall promptly notify the Controller and shall not be required to comply with such instructions until the Parties have agreed on amended terms.
5. Confidentiality
5.1 Confidentiality Obligations. The Processor shall ensure that persons authorized to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
5.2 Access Limitation. The Processor shall limit access to Customer Personal Data to those personnel who require such access to perform the services under the Agreement. All such personnel shall be subject to confidentiality obligations no less protective than those set forth in this DPA.
6. Security Measures
6.1 Technical and Organizational Measures. The Processor shall implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk of Processing, as described in Annex II (Technical and Organizational Measures). These measures include, but are not limited to:
(a) Encryption at rest -- All DynamoDB tables storing Customer Personal Data are encrypted at rest using AWS-managed encryption keys (AES-256).
(b) Encryption in transit -- All data in transit is protected by TLS 1.2 or higher. This applies to all endpoints, including the ingest Lambda Function URL, AppSync GraphQL API, and the Customer dashboard.
(c) Access controls -- Owner-based authorization is enforced at the data layer via AWS Cognito and AppSync. Each Customer can access only their own applications, API keys, and aggregate telemetry data. AWS IAM roles enforce least-privilege access for all Lambda functions and backend services.
(d) API key security -- API keys are SHA-256 hashed before storage. Plaintext keys are displayed only once at creation. Key rotation is supported via atomic DynamoDB TransactWrite operations. Keys have a minimum of 128 bits of entropy.
(e) Tenant isolation -- All data queries are scoped by owner (Cognito user sub). A shared ownership verification utility enforces consistent tenant isolation across all authenticated operations. Defense-in-depth filtering is applied on analytics queries.
(f) Operational logging restrictions -- Request bodies, plaintext API keys, IP addresses, and stack traces are never logged. Operational logs are limited to request ID, app ID, status code, latency, and validation error type. Log retention is capped at 90 days.
(g) Rate limiting -- Per-key and per-owner rate limiting via atomic DynamoDB counters, with fail-closed behavior on counter unavailability.
(h) DDoS protection -- CloudFront is mandatory for the production ingest endpoint.
(i) Audit logging -- Sensitive operations (API key creation, rotation, account deletion, data export, subscription changes, failed authentication) are logged to a dedicated audit log with 1-year retention, containing only timestamp, operation type, owner identifier, and success/failure status.
(j) Backup and recovery -- DynamoDB Point-in-Time Recovery (PITR) is enabled on all tables, providing continuous backups with a 35-day recovery window.
6.2 Security Review. The Processor shall regularly assess the effectiveness of its technical and organizational measures and make adjustments as necessary to ensure continued protection of Customer Personal Data.
6.3 Privacy Invariants. The Processor maintains the following architectural privacy invariants, which are enforced across all components of the platform:
- No persistent identifiers are collected or stored (user IDs, device IDs, install IDs, advertising IDs, hashed IPs).
- No fingerprinting data is collected (full user agent strings, exact device models, screen resolution).
- No cross-session linking is possible.
- No IP address processing -- IP addresses are never read, parsed, stored, or used by application code for any purpose.
- No web client storage for telemetry (cookies, localStorage, sessionStorage, IndexedDB).
- Aggregate counts only are stored long-term.
- High-cardinality abuse is automatically prevented via cardinality budgets.
- No request body logging in operational logs.
- No telemetry data is transmitted to any third-party service.
- No internal state leakage in error responses.
- No unrestricted DynamoDB Streams on the analytics table.
7. Sub-Processors
7.1 General Authorization. The Controller hereby grants the Processor a general written authorization to engage Sub-Processors for the Processing of Customer Personal Data, subject to the requirements of this Section 7.
7.2 Current Sub-Processors. The Controller acknowledges and agrees that the Processor engages the following Sub-Processors as of the Effective Date:
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Amazon Web Services, Inc. (AWS) | Cloud infrastructure provider (DynamoDB, Lambda, Cognito, SES, CloudWatch, CloudFront) | Dashboard Account Data; Telemetry Data | us-east-1 (Virginia, USA) |
| Stripe, Inc. | Payment processing for paid subscriptions | Cognito user sub (as customer metadata), email address, payment information. No telemetry data, app names, event names, or usage details. | United States |
7.3 Sub-Processor List. The Processor maintains a current list of Sub-Processors, publicly available at tracklesstelemetry.com/subprocessors.
7.4 Notification of Changes. The Processor shall notify the Controller of any intended changes concerning the addition or replacement of Sub-Processors at least thirty (30) days before the change takes effect. Notification shall be provided via email to the email address associated with the Customer's dashboard account.
7.5 Customer Objection Right. The Controller may object in writing to the appointment of a new Sub-Processor within the thirty (30) day notice period set forth in Section 7.4. Such objection must be reasonable and based on data protection grounds. If the Controller objects:
(a) The Processor shall use commercially reasonable efforts to make available to the Controller a change in the service that avoids the use of the objected-to Sub-Processor.
(b) If the Processor cannot make such a change within a reasonable period (not to exceed thirty (30) days from the date of the Controller's objection), the Controller may terminate the Agreement and this DPA with respect to the services that cannot be provided without the use of the objected-to Sub-Processor, without penalty. The Processor shall refund to the Controller any prepaid fees covering the remainder of the term following the effective date of termination.
7.6 Sub-Processor Obligations. The Processor shall: (a) impose data protection obligations on each Sub-Processor that are no less protective than those set forth in this DPA; (b) remain fully liable to the Controller for the performance of each Sub-Processor's obligations; and (c) ensure that each Sub-Processor agreement provides sufficient guarantees to implement appropriate technical and organizational measures.
8. International Data Transfers
8.1 Data Hosting. Customer Personal Data is hosted in the AWS region us-east-1 (Virginia, United States).
8.2 Transfer Mechanisms. For transfers of Customer Personal Data from the EEA, United Kingdom, or Switzerland to the United States, the Processor relies on the following transfer mechanisms:
(a) EU-US Data Privacy Framework ("DPF"). AWS is certified under the EU-US Data Privacy Framework for transfers to its US-based services. Stripe is certified under the EU-US Data Privacy Framework for payment processing operations. To the extent a Sub-Processor maintains a valid DPF certification, the DPF serves as the primary transfer mechanism.
(b) Standard Contractual Clauses. As a supplementary transfer mechanism, and to the extent required by Applicable Data Protection Law, the Parties agree that the Standard Contractual Clauses (Module 2: Controller to Processor), as set out in Annex III (Standard Contractual Clauses), are hereby incorporated into this DPA and apply to transfers of Customer Personal Data to the Processor in the United States.
8.3 Supplementary Measures. The Processor has implemented the following supplementary measures to protect Customer Personal Data transferred internationally:
- Encryption at rest (AES-256, AWS-managed keys) and in transit (TLS 1.2+).
- Owner-based access controls that prevent even the Processor's own personnel from accessing Customer Telemetry Data without explicit authorization.
- Operational logging restrictions that prevent the recording of Personal Data in system logs.
- Privacy-by-design architecture that minimizes the Personal Data present in Telemetry Data to the greatest extent technically feasible.
9. Data Subject Rights
9.1 Assistance with Data Subject Requests. The Processor shall, taking into account the nature of the Processing, assist the Controller by appropriate technical and organizational measures, insofar as possible, for the fulfillment of the Controller's obligation to respond to requests for exercising Data Subject rights under Chapter III of the GDPR.
9.2 Dashboard Users. For Data Subjects who are dashboard users (i.e., the Customer's own personnel), the following rights are supported directly through the Trackless Telemetry dashboard:
(a) Right of access (Article 15) -- Users can view all their account data via the dashboard.
(b) Right to data portability (Article 20) -- Users can export all account data as a JSON file via the data export function.
(c) Right to erasure (Article 17) -- Users can permanently delete their account and all associated data via the account deletion function. All telemetry data, API keys, applications, usage records, subscription records, and the Cognito account are removed.
(d) Right to rectification (Article 16) -- Users can update their account information through the dashboard settings.
(e) Right to restrict processing (Article 18) -- Users can deactivate API keys to cease telemetry collection, or delete their account entirely.
9.3 End Users of Customer Applications. The Parties acknowledge that end users of the Customer's applications are Data Subjects of the Customer, not of Trackless. Because the Trackless platform stores only pre-aggregated counts with no persistent identifiers:
(a) Trackless cannot identify any individual end user's contribution to aggregate counts.
(b) It is technically impossible to isolate, retrieve, rectify, or delete a specific end user's data from the aggregate counts.
(c) This position is consistent with GDPR Article 11 (processing which does not require identification) and Recital 26 (data that cannot identify a natural person is not personal data).
(d) The Processor shall provide the Customer with a template response that the Customer may use when responding to erasure requests from its end users regarding Telemetry Data.
9.4 Notification. The Processor shall promptly notify the Controller if it receives a request from a Data Subject directly, unless otherwise prohibited by law. The Processor shall not respond to such request directly without the Controller's prior authorization, unless required by Applicable Data Protection Law.
10. Data Breach Notification
10.1 Notification to Controller. The Processor shall notify the Controller without undue delay and in any event within seventy-two (72) hours after becoming aware of a Personal Data Breach affecting Customer Personal Data.
10.2 Content of Notification. The notification shall include, to the extent reasonably available:
(a) A description of the nature of the Personal Data Breach, including, where possible, the categories and approximate number of Data Subjects concerned and the categories and approximate number of Personal Data records concerned;
(b) The name and contact details of the Processor's data protection point of contact from whom further information can be obtained;
(c) A description of the likely consequences of the Personal Data Breach;
(d) A description of the measures taken or proposed to be taken by the Processor to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.
10.3 Staged Notification. Where it is not possible to provide all information at the same time, the information may be provided in phases without undue further delay, provided the initial notification is made within the seventy-two (72) hour period.
10.4 Direct Notification to Data Subjects. Where a Personal Data Breach involving Dashboard Account Data (email addresses, billing information) is likely to result in a high risk to the rights and freedoms of natural persons, the Processor shall, at the Controller's direction and in coordination with the Controller, directly notify the affected dashboard users in accordance with Article 34 of the GDPR.
10.5 Cooperation. The Processor shall cooperate with the Controller and take such commercially reasonable steps as the Controller may direct to assist in the investigation, mitigation, and remediation of any Personal Data Breach.
10.6 Documentation. The Processor shall maintain a record of all Personal Data Breaches, including the facts relating to the breach, its effects, and the remedial action taken, as required under Article 33(5) of the GDPR.
11. Data Protection Impact Assessments
11.1 Assistance. The Processor shall provide reasonable assistance to the Controller with any Data Protection Impact Assessment and, where required, prior consultation with a Supervisory Authority, in each case in connection with the Processing of Customer Personal Data, taking into account the nature of the Processing and the information available to the Processor.
11.2 Low-Risk Assessment. The Processor has conducted a privacy risk assessment and has concluded that the Processing of Telemetry Data is low-risk due to the absence of personal identifiers. A copy of this assessment is available upon request.
12. Data Retention and Deletion
12.1 Telemetry Data Retention. Aggregate Telemetry Data (TracklessAnalytics records) is retained for a configurable period per API key, with a default of 395 days (approximately 13 months). Data is automatically deleted upon TTL expiry via DynamoDB's built-in TTL mechanism.
12.2 Dashboard Account Data Retention. Dashboard Account Data is retained until the Customer deletes their account.
12.3 Operational Log Retention. CloudWatch operational logs are retained for 90 days. Audit logs (sensitive operations only) are retained for 1 year.
12.4 Account Deletion. Upon the Customer's request (via the dashboard account deletion function), the following data is permanently deleted:
| Data Category | Storage | Deletion Method |
|---|---|---|
| Applications | TracklessApp (DynamoDB) | BatchWrite delete, owner-scoped query |
| API keys | TracklessApp (DynamoDB) | BatchWrite delete, owner-scoped query |
| Aggregate analytics data | TracklessAnalytics (DynamoDB) | BatchWrite delete via GSI |
| Waitlist requests | WaitlistRequest (DynamoDB) | Delete by email match |
| Usage records | TracklessUsage (DynamoDB) | BatchWrite delete, owner-scoped query |
| Subscription record | TracklessSubscription (DynamoDB) | Delete record; cancel Stripe subscription |
| Cognito account | AWS Cognito User Pool | Admin delete user |
12.5 Deletion Confirmation. An email notification is sent to the Customer confirming that account deletion was initiated. Once deletion is complete, no Customer Personal Data remains in the Processor's active systems. Residual copies in automated backups (DynamoDB Point-in-Time Recovery) will be overwritten within the 35-day backup window.
12.6 Return or Deletion on Termination. Upon termination or expiry of the Agreement, and subject to any legal retention obligations, the Processor shall, at the Controller's election: (a) return all Customer Personal Data to the Controller in a structured, commonly used, and machine-readable format (JSON) via the data export function; or (b) delete all Customer Personal Data in accordance with Section 12.4. If the Controller does not make an election within thirty (30) days of termination, the Processor shall delete all Customer Personal Data.
13. Audit and Inspection Rights
13.1 Audit Right. The Processor shall make available to the Controller all information necessary to demonstrate compliance with this DPA and Applicable Data Protection Law, and shall allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.
13.2 Scope and Notice. The Controller shall provide at least thirty (30) business days' prior written notice of any audit. Audits shall be conducted during normal business hours, shall not unreasonably interfere with the Processor's operations, and shall be subject to reasonable confidentiality obligations.
13.3 Frequency. The Controller may exercise its audit right no more than once per twelve (12) month period, unless: (a) a Supervisory Authority requires or mandates an additional audit; or (b) a Personal Data Breach has occurred.
13.4 Third-Party Certifications. In lieu of an on-site audit, the Processor may, at its option, provide the Controller with: (a) a copy of any relevant third-party audit report or certification covering the Processor's systems and controls; or (b) responses to a reasonable data protection questionnaire provided by the Controller.
13.5 Cost. The costs of any audit shall be borne by the Controller, except where the audit reveals material non-compliance with this DPA by the Processor, in which case the Processor shall bear the reasonable costs of such audit.
14. Liability
14.1 Liability Cap. Each Party's liability arising out of or related to this DPA shall be subject to the exclusions and limitations of liability set forth in the Agreement.
14.2 Each Party's Liability. Each Party's liability under this DPA is subject to the exclusions and limitations of liability set forth in the Agreement, except to the extent Applicable Data Protection Law prohibits such exclusions or limitations with respect to Data Subjects' rights.
15. Term and Termination
15.1 Term. This DPA shall become effective on the Effective Date and shall remain in effect for the duration of the Agreement, and thereafter until all Customer Personal Data has been deleted or returned in accordance with Section 12.
15.2 Survival. The obligations of the Processor under this DPA with respect to the security and protection of Customer Personal Data shall survive the termination or expiry of the Agreement for so long as the Processor retains any Customer Personal Data.
16. General Provisions
16.1 Governing Law. This DPA shall be governed by and construed in accordance with the laws of the State of Michigan, United States, without regard to its conflict of law provisions, except to the extent that Applicable Data Protection Law requires the application of the law of another jurisdiction (in which case, the provisions of that law shall apply to the extent required).
16.2 Dispute Resolution. Any dispute arising under or relating to this DPA shall be subject to the exclusive jurisdiction of the state and federal courts located in the State of Michigan, without prejudice to the right of a Data Subject or Supervisory Authority to bring proceedings before the courts of the Member State in which the Data Subject or Supervisory Authority is established, where required under Applicable Data Protection Law.
16.3 Amendments. This DPA may be amended only by a written instrument signed by both Parties, except that the Processor may update the technical and organizational measures described in Annex II provided that such updates do not materially reduce the level of protection afforded to Customer Personal Data.
16.4 Severability. If any provision of this DPA is found to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.
16.5 Entire DPA. This DPA, together with its Annexes, constitutes the complete agreement between the Parties with respect to the Processing of Customer Personal Data and supersedes all prior or contemporaneous agreements, representations, and understandings on that subject.
16.6 Contact. All notices and communications under this DPA shall be directed to:
- Processor:legal@tracklesstelemetry.com
- Controller: The email address associated with the Customer's Trackless Telemetry dashboard account, or such other address as the Controller may designate in writing.
17. Annexes
Annex I -- Processing Details
A. List of Parties
| Controller | Processor | |
|---|---|---|
| Name | Customer per the Agreement | Camp Four Software LLC |
| Address | Customer address | Michigan, USA |
| Contact details | Customer contact email | legal@tracklesstelemetry.com |
B. Description of Processing
| Element | Details |
|---|---|
| Subject matter | Processing of Personal Data in connection with the provision of the Trackless Telemetry analytics platform |
| Duration | For the term of the Agreement, plus any data deletion period as described in Section 12 |
| Nature of processing | Collection, storage, retrieval, aggregation, analysis, visualization, and deletion of event telemetry and dashboard account management data |
| Purpose of processing | To provide the Customer with aggregate analytics regarding event usage, OS fragmentation, version adoption, device class distribution, and locale distribution for the Customer's applications. To manage the Customer's dashboard account, authentication, billing, and API key lifecycle. |
C. Categories of Data Subjects
| Category | Description |
|---|---|
| Dashboard users | The Customer's personnel who access the Trackless Telemetry dashboard to configure applications, manage API keys, and view analytics |
| End users | Users of the Customer's applications in which the Trackless SDKs are integrated. End-user data is aggregated at the point of storage; no individual end-user records are maintained. |
D. Categories of Personal Data
| Data Category | Personal Data Elements | Notes |
|---|---|---|
| Dashboard Account Data | Email address; hashed password (Cognito-managed); application names; API key metadata (key prefix, environment, status, rate limit, retention setting); session cookies (essential authentication only); billing information (via Stripe: Cognito user sub, email, payment method) | Directly identifies or relates to the dashboard user |
| Telemetry Data | Event name; count (aggregate); date (UTC day); platform (ios/android/web); OS major version; device class (phone/tablet/desktop); coarse locale (ISO 3166-1 alpha-2, derived from device locale, not IP) | Pre-aggregated counts only. Contains no persistent identifiers. Not linked to individual end users. |
E. Data NOT Collected or Processed (by design)
The following data elements are never collected, processed, or stored by the Trackless Telemetry platform:
- User IDs, device IDs, install IDs, advertising IDs (IDFA, GAID, SSAID)
- Session IDs or session duration
- IP addresses (not read, parsed, or processed by application code)
- Hashed IP addresses
- Full user agent strings
- Exact device models
- Screen resolution, fonts, GPU information, timezone
- Names or directly identifying personal data of end users
- Cookies, localStorage, sessionStorage, or IndexedDB entries for telemetry
F. Sensitive Data
No special categories of Personal Data (Article 9 GDPR) or data relating to criminal convictions and offences (Article 10 GDPR) are processed under this DPA.
G. Frequency of Transfer
Dashboard Account Data: Continuous, as the Customer accesses and uses the dashboard.
Telemetry Data: Continuous, as end users interact with the Customer's applications and the SDKs transmit aggregate event payloads to the ingest endpoint.
H. Retention Period
| Data Type | Retention |
|---|---|
| Aggregate analytics data | Configurable per API key; default 395 days (approximately 13 months); automatic deletion via DynamoDB TTL |
| Dashboard account data | Until account deletion by the Customer |
| API keys (hashed) | Until deleted by the Customer or upon account closure |
| Operational logs | 90 days (CloudWatch) |
| Audit logs | 1 year |
| Raw event payloads | Not stored (data is pre-aggregated at ingestion) |
| IP addresses | Never processed by application code |
Annex II -- Technical and Organizational Measures
The Processor has implemented the following technical and organizational measures pursuant to Article 32 of the GDPR. For full details, see the security measures described in Section 6 of this DPA.
Annex III -- Standard Contractual Clauses
This Annex incorporates the Standard Contractual Clauses adopted by the European Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021 ("SCCs"), Module 2 (Controller to Processor), for the transfer of Personal Data from the Controller in the EEA to the Processor in the United States. The Parties select Option 2: General written authorization for Clause 9 (Use of sub-processors). The data importer has the data exporter's general authorization for the engagement of Sub-Processors from the agreed list in Section 7.2 of the DPA. The data importer shall inform the data exporter of any intended changes to that list at least 30 days in advance.
Contact
For questions about this Data Processing Agreement, please contact us at:
Camp Four Software
Email: legal@tracklesstelemetry.com