Legal

Data Processing Addendum

Last updated May 1, 2026.

This Data Processing Addendum applies when Tellr processes personal data on behalf of a customer. It forms part of the order between Tellr and the customer.

1. Roles

The customer is the controller of personal data submitted to Tellr. Tellr is the processor. Tellr processes data only on documented instructions from the customer.

2. Subject matter and duration

Tellr processes personal data for the duration of the customer's subscription, plus a brief retention window selected by the customer in the dashboard.

3. Sub processors

Tellr uses a short list of sub processors for hosting, observability plus email delivery. The current list is published at this page and updated when changes happen. Customers receive 30 days notice before a new sub processor is added.

  • AWS for compute and storage.
  • Cloudflare for edge delivery.
  • Datadog for telemetry.
  • Resend for transactional email.

4. Security measures

See the Security overview. Tellr maintains a SOC 2 Type II report on request under NDA.

5. International transfers

Tellr stores data in the region the customer selects. The default is the United States. EU and UK customers can select Frankfurt. Standard Contractual Clauses are incorporated by reference for transfers between regions.

6. Data subject rights

Tellr assists the customer in responding to data subject requests within five business days of a written request from the customer.

7. Audits

Customers can audit Tellr's controls once per year on 30 days notice. The SOC 2 report and a written control questionnaire are accepted as alternatives.

8. Contact

DPA execution and questions go to legal@tellr.tech.