Data Processing Agreement
Effective January 1, 2025 · Aster Stream Tech Pte. Ltd.
This DPA forms part of your agreement with Aster Stream Tech Pte. Ltd. and applies to all processing of personal data undertaken by us on your behalf as part of providing the AsterStreamTech Service.
1. Definitions
"Controller" — you, the customer, who determines the purposes and means of processing personal data.
"Processor" — Aster Stream Tech Pte. Ltd., who processes personal data on behalf of the Controller.
"Personal Data" — any information relating to an identified or identifiable natural person, as defined under applicable data protection laws including GDPR.
2. Roles of the Parties
You (the Controller) determine what personal data is entered into AsterStreamTech and for what outreach purposes. Aster Stream Tech Pte. Ltd. (the Processor) processes that data strictly to provide the contracted Service and in accordance with your documented instructions.
3. Controller's Responsibilities
- You have a lawful basis for processing each category of personal data you enter;
- The personal data relates to business contacts used exclusively for legitimate B2B outreach;
- You have not uploaded special categories of personal data;
- You comply with applicable data protection laws in your jurisdiction.
4. Processor's Obligations
- Process personal data only on your documented instructions;
- Ensure personnel are bound by appropriate confidentiality obligations;
- Implement appropriate technical and organisational security measures;
- Notify you within 72 hours of any personal data breach;
- Delete or return all personal data upon termination of the Service.
5. Authorised Sub-Processors
| Sub-Processor | Location | Purpose |
|---|---|---|
| OpenAI, Inc. | United States | AI lead analysis and email generation |
| Stripe, Inc. | United States | Payment processing |
| Neon (database hosting) | United States | PostgreSQL database (encrypted at rest) |
6. International Data Transfers
Personal data may be transferred to countries outside your jurisdiction. Such transfers are made under appropriate safeguards including the EU Standard Contractual Clauses (SCCs) where required under GDPR.
7. Security Measures
TLS 1.2+ encryption in transit · AES-256 at rest · bcrypt password hashing · Role-based access controls · Automated backups · Access monitoring and alerting.
8. Governing Law
This DPA is governed by the laws of the Republic of Singapore and forms an integral part of the Terms of Service.
9. Contact
Aster Stream Tech Pte. Ltd. · 77 High Street, #10-12B, High Street Plaza, Singapore 179433 · aster.stream.tech@gmail.com