Last updated: 18 October 2025
This Data Processing Agreement (DPA) applies where the Client (Data Controller) provides data to Tyci Audit (Data Processor) for the purpose of conducting security audits of the Client's applications and infrastructure.
We process Client data solely for the purpose of performing the agreed security audit. This includes reviewing source code, configurations, API endpoints, and infrastructure setups. All review is conducted by our human engineers, assisted by industry-standard automated scanning tools.
We do not send Client code or data to third-party AI providers. We do not use Client data to train any AI or machine learning models.
The Client grants general authorization to use the following sub-processors:
We will notify the Client before adding any new sub-processors. The Client has the right to object to new sub-processors within 14 days of notification.
We implement technical and organizational measures including data minimization, encryption (AES-256 at rest, TLS 1.3 in transit), role-based access control, and multi-factor authentication for all system access.
Audit artifacts are purged on a retention schedule agreed with the Client. By default, all Client data and artifacts are deleted within 90 days of engagement completion. The Client may request earlier deletion at any time.
In the event of a personal data breach, we will notify the Client without undue delay and no later than 48 hours after becoming aware of the breach, providing all information required under Art. 33 GDPR.
For questions about this DPA, contact us at contact@tycitensor.com.