Data processing addendum

KaritKarma Limited acts as data processor for customer content stored in Pressable. Customers are the data controller. Sub-processors are Wenme (authentication), Darwan (authorisation), LoneSock Pay (billing), and MinIO-hosted object storage running inside our own infrastructure.

Data is stored at rest encrypted with AES-256. Data in transit is TLS 1.3. Backups are encrypted with a separate key and retained for 30 days. Deletion requests complete within 24 hours across primary storage and within 30 days across backups.

A signed DPA PDF matching this summary is available on request from legal@karitkarma.com. Enterprise customers on the Team plan can request a custom DPA with additional clauses.