Data Processing Agreement (DPA)
Effective date: 2026-03-19
This Data Processing Agreement (“DPA”) forms part of the Terms of Service between ATSReady (“Processor”) and the enterprise customer (“Controller”) using ATSReady's platform to process personal data of their employees or users.
1. Definitions
- Personal Data — any information relating to an identified or identifiable natural person, as defined under the GDPR and applicable data protection law.
- Processing — any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.
- Sub-processor — any third party engaged by ATSReady to process Personal Data.
2. Scope and Purpose of Processing
ATSReady processes Personal Data solely for the purpose of providing the resume building, ATS scoring, and AI-assisted writing services described in the Terms of Service. Processing is limited to the data provided by the Controller and is performed on documented instructions from the Controller.
3. Data Subject Rights
ATSReady assists the Controller in fulfilling its obligations to respond to requests from data subjects exercising their rights under applicable law (access, rectification, erasure, portability, restriction of processing). Requests should be directed to privacy@atsready.in. Account deletion is available self-service via the Account Settings page.
4. Sub-processors
ATSReady uses the following sub-processors to deliver its services:
| Sub-processor | Purpose | Location |
|---|---|---|
| Neon (Neon Inc.) | PostgreSQL database hosting | US East |
| Cloudflare R2 | Resume file storage | Global |
| Clerk.dev | Authentication and identity | US |
| Google (Gemini API) | AI resume processing | US |
| Resend | Transactional email | US |
| Vercel | Application hosting and CDN | Global |
5. Security Measures
ATSReady implements appropriate technical and organisational measures to protect Personal Data against unauthorised access, including: encryption in transit (TLS 1.2+), encryption at rest, access controls limiting employee access to Personal Data, and automated deletion of uploaded resume files after processing.
6. Data Retention
Personal Data is retained for as long as the user account is active. Upon account deletion, Personal Data is deleted within 30 days. Financial records (payment orders) are retained for 7 years as required by Indian GST law, with personal identifiers removed.
7. Data Breach Notification
ATSReady will notify the Controller of any confirmed Personal Data breach without undue delay and, where feasible, within 72 hours of becoming aware of it. Notification will include: the nature of the breach, categories of data affected, likely consequences, and measures taken.
8. Contact
For DPA-related queries, contact privacy@atsready.in.