Data Processing Agreement
Version 1.0 — effective May 15, 2026
Note: Version 1.0 (initial draft). Subject to legal review.
1. Parties
- Data Controller (Customer): the tenant using the gestrip platform.
- Data Processor (gestrip): G.Z.G. s.a.s. di Zamprogno Stefano & C. (hereinafter "gestrip"), VAT IT04911550269, registered office Via Feltrina Centro 137, Biadene di Montebelluna (TV), Italy. Email: posta.gzg@gmail.com — Phone: +39 0423 609492. "gestrip" is the commercial name of the SaaS service provided by the company.
2. Subject
gestrip provides the Customer with a multi-tenant SaaS service for managing jewelry repairs, processing on behalf of the Customer the personal data of the Customer's end clients.
3. Categories of data processed
- End-client identification data (name, surname, phone, email)
- Description of items delivered for repair + photos
- Estimated, invoiced, and collected amounts
- Payment data, if any (no PAN: card data flows directly to Stripe)
4. Duration and end of processing
Processing lasts for the duration of an active subscription, plus the grace period provided by Phase C of the lifecycle (30 days) and the cold storage provided by Phase E (60 days after termination, for restoration upon Customer request). At the end, data is permanently deleted, except in cases of an explicit early erasure request (Art. 17, see §6).
5. Technical and organizational measures
- TLS 1.3 end-to-end via Caddy on all exposed HTTP traffic
- Per-tenant isolation: each tenant has a separate SQLite database, a separate photo directory, a separate Flask process, and a separate TCP port
- Backups encrypted at rest (restic) to two independent external storage providers (Hetzner Storage Box in Germany + Backblaze B2), daily atomic snapshots, weekly restore drill
- gestrip operator administrative access only via Tailscale (private network), no internet exposure. Tenant panel access is via HTTPS web (TLS 1.3)
- Server access logs retained 90 days for security, debug, and aggregated statistics (legal basis Art. 6.1.f legitimate interest)
- Automatic hard-delete (Phase E) 90 days after subscription termination (30d grace + 60d cold)
6. Data subject rights
In accordance with EU Regulation 679/2016, the data subject has the right to:
- Access (Art. 15)
- Rectification (Art. 16)
- Erasure (Art. 17) — available on request via the Customer through the admin "right-to-erasure" function (Phase F4)
- Restriction (Art. 18)
- Portability (Art. 20) — structured data export available on request
- Object (Art. 21)
Requests are addressed to the Customer (Controller). gestrip as Processor cooperates within a maximum technical timeframe of 30 days.
7. Sub-processors
gestrip uses the sub-processors listed on the dedicated page: https://gestrip.app/legal/en/sub-processors. Any changes will be notified to the Customer with 30 days' advance notice.
Transfers to third countries. Some sub-processors are located outside the European Economic Area (EEA). Such transfers occur only under appropriate safeguards pursuant to Chapter V of the GDPR: an EU Commission adequacy decision (Art. 45), where applicable (including the EU-US Data Privacy Framework for certified providers), or Standard Contractual Clauses (SCC) adopted by the EU Commission (Art. 46). The specific safeguards adopted by each sub-processor are set out in their respective DPA, accessible via the links on the sub-processors page.
8. Breach notification
In case of a personal data breach, gestrip notifies the Customer without undue delay and in any case within 72 hours of discovery, providing: nature of the breach, categories and approximate number of data subjects, data records involved, measures taken or proposed.
9. Audit
The Customer has the right to request information on the measures adopted and to conduct audits with a minimum of 30 days' notice and under agreed modalities.
10. Termination
Upon termination of the contractual relationship, gestrip shall, upon Customer instruction, return (export) or permanently delete the data. In the absence of instructions, the automatic deletion provided by the Phase E lifecycle applies.
11. Governing law and jurisdiction
This agreement is governed by Italian law. Any dispute shall be subject to the exclusive jurisdiction of the Court of Treviso, Italy.
Document version history: see version archive.