Controller and processor terms for customer personal data hosted on Tucloud.
Last updated July 14, 2026
Tucloud policy
Data Processing Addendum
01
Scope and roles
This Data Processing Addendum applies when Tucloud processes personal data on behalf of a business customer through hosting, deployment, database, email, or related services. The customer is the controller or processor that determines instructions, and Tucloud acts as processor or subprocessor for that customer data.
For account, billing, security, abuse, and service administration data that Tucloud determines how to process, Tucloud acts as an independent controller as described in the Privacy Policy.
02
Customer instructions
Tucloud will process customer personal data only to provide the services, comply with documented customer instructions, protect the services, and meet legal obligations. The agreement, service configuration, and support requests constitute documented instructions.
The customer is responsible for ensuring its instructions and processing are lawful and for providing all required notices and obtaining any required consent.
03
Confidentiality and security
Personnel authorized to process customer personal data are subject to confidentiality obligations. Tucloud maintains technical and organizational measures appropriate to the service and risk, including access controls, encrypted transport, infrastructure isolation, secret encryption, monitoring, backups, vulnerability controls, and incident procedures.
04
Subprocessors
The customer authorizes Tucloud to use subprocessors needed to provide the services. Tucloud will require subprocessors to protect customer personal data through contractual or other legally recognized obligations appropriate to their role. The current Subprocessor List is incorporated into this Addendum.
Tucloud may update subprocessors as services evolve. A customer with a reasonable data protection objection should contact Tucloud promptly so the parties can seek a practical resolution.
05
Assistance and incidents
Taking into account the nature of processing and information available, Tucloud will provide reasonable assistance with data subject requests, security obligations, impact assessments, and regulator inquiries. Additional work outside standard service capabilities may be charged at agreed rates.
Tucloud will notify the customer without undue delay after confirming a personal data breach affecting customer personal data and will provide available information reasonably needed for the customer's legal obligations.
06
International transfers
Customer personal data may be processed in countries identified in the Privacy Policy or Subprocessor List. Where a transfer mechanism is legally required, the parties will cooperate to implement applicable standard contractual clauses or another valid safeguard.
07
Deletion, return, and audits
At termination and on customer request, Tucloud will delete or make available customer personal data within the service's technical capabilities, except where retention is required by law or maintained temporarily in protected backups.
Tucloud will provide information reasonably necessary to demonstrate compliance. Audits must be proportionate, protect other customers and security, avoid unreasonable disruption, and use available reports before requesting an on-site review.
08
Precedence and contact
If this Addendum conflicts with the Terms on processing customer personal data, this Addendum controls. Requests concerning this Addendum may be sent to legal@tucloud.app.