Tikly Data Processing Agreement (DPA)

Written By Blessed Patrick

Last updated About 2 hours ago

Effective Date: March 14, 2026

This Data Processing Agreement (“DPA”) forms part of the Tikly Terms of Service and applies whenever Tikly processes personal data on behalf of its users in connection with the Tikly platform and services.

The purpose of this DPA is to help ensure compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other relevant privacy regulations.

1. Definitions

For the purposes of this DPA:

  • “Personal Data”
    Any information relating to an identified or identifiable person (for example, a name, email address, IP address, or device identifier).

  • “Processing”
    Any operation performed on personal data, whether automated or not. This includes collection, recording, organization, storage, adaptation, retrieval, use, transmission, disclosure, erasure, or destruction.

  • “Controller”
    The user or organization that determines the purposes and means of processing personal data. In the context of Tikly, this is typically the account holder who decides what data to collect from visitors.

  • “Processor”
    Tikly, which processes personal data on behalf of the Controller and according to the Controller’s instructions.

  • “Services”
    The Tikly platform and all related features, including but not limited to:

  • Link pages

  • Short links

  • QR codes

  • Analytics and tracking

  • Websites and landing pages

  • Any other related tools, integrations, or functionalities provided by Tikly

2. Roles of the Parties

  • Users as Controllers
    Users of Tikly act as Data Controllers because they decide:

  • What personal data is collected from visitors

  • How that data is used

  • How long it is retained

  • Tikly as Processor
    Tikly acts as a Data Processor because it:

  • Processes personal data on behalf of users

  • Follows the user’s documented instructions, as set out in this DPA and the Tikly Terms of Service

Tikly will not process personal data for its own purposes that are incompatible with this DPA and the user’s instructions.

3. Purpose of Data Processing

Tikly processes personal data solely to provide, maintain, and improve its Services and to support users in using those Services.

This includes, for example:

  • Hosting link pages and websites
    Storing and serving user-created pages and content to visitors.

  • Generating short links and QR codes
    Creating and managing shortened URLs and QR codes that redirect to user-defined destinations.

  • Providing analytics and tracking information
    Collecting and presenting aggregated and individual-level metrics such as:

  • Click counts

  • Referrers

  • Device and browser types

  • Approximate location data

  • Maintaining platform functionality
    Ensuring the platform operates reliably and efficiently, including:

  • Performance monitoring

  • Error detection and debugging

  • Service optimization

  • Customer support and security monitoring
    Using relevant data to:

  • Respond to support requests

  • Detect and prevent fraud, abuse, or security incidents

  • Enforce Tikly’s Terms of Service

Tikly does not sell personal data.

4. Types of Personal Data Processed

The specific data processed depends on how users configure their Tikly pages and which features they use. Tikly may process, among others, the following categories of personal data:

  • Technical and usage data

  • Visitor IP addresses

  • Browser type and version

  • Device type, operating system, and related identifiers

  • Referrer URLs and visited URLs within Tikly pages

  • Page interaction data (e.g., clicks, views, timestamps)

  • Location data (approximate)

  • General geographic information derived from IP addresses (e.g., city, region, country)

  • Used primarily for analytics and security purposes

  • Contact and form data

  • Email addresses or other contact details submitted through forms on Tikly pages

  • Any other information visitors voluntarily provide via forms or input fields configured by the user

  • Payment-related data

  • Payment information is handled by third-party payment processors (e.g., card networks, payment gateways)

  • Sensitive payment details (such as full credit card numbers) are not stored directly by Tikly

  • Tikly may receive limited payment-related metadata (e.g., transaction IDs, status, timestamps) from these processors for billing and account management

The exact data collected may vary based on the user’s settings, integrations, and the content they choose to publish or request from visitors.

5. Data Security

Tikly implements appropriate technical and organizational measures designed to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

These measures may include:

  • Encrypted data transmission (HTTPS)
    All data transmitted between users, visitors, and Tikly’s servers is protected using industry-standard encryption (e.g., TLS/SSL).

  • Access control and authentication

  • Role-based access controls for internal systems

  • Authentication mechanisms for user accounts (e.g., passwords, optional additional security measures)

  • Principle of least privilege for staff access to personal data

  • Monitoring and security logging

  • Logging of relevant system and access events

  • Monitoring for unusual or suspicious activity

  • Incident detection and response procedures

  • Secure infrastructure and hosting

  • Use of reputable cloud hosting providers

  • Regular updates and security patches

  • Backups and resilience measures where appropriate

Tikly continuously works to review and improve its security practices in line with industry standards and evolving threats.

6. Subprocessors

Tikly may engage trusted third-party service providers (“Subprocessors”) to support the operation and delivery of its Services.

Examples of such Subprocessors include:

  • Cloud hosting providers
    For storing and serving data and content.

  • Analytics providers
    For collecting and processing usage and performance data.

  • Email delivery services
    For sending account-related notifications, password resets, and other service communications.

  • Payment processors
    For handling payments, subscriptions, and related financial transactions.

Tikly ensures that:

  • Subprocessors only process personal data as necessary to provide their services to Tikly.

  • Subprocessors are bound by contractual obligations to:

  • Maintain appropriate security measures

  • Process personal data in accordance with applicable data protection laws

  • Use the data only for the agreed purposes

7. Data Subject Rights

Where applicable under data protection laws (such as the GDPR), individuals (“data subjects”) may have certain rights regarding their personal data, including:

  • Right of access
    To obtain confirmation of whether their personal data is being processed and to receive a copy of that data.

  • Right to rectification
    To request correction of inaccurate or incomplete personal data.

  • Right to erasure (“right to be forgotten”)
    To request deletion of personal data under certain conditions.

  • Right to restriction of processing
    To request that processing be limited in specific circumstances.

  • Right to data portability
    To receive personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller where technically feasible.

Responsibilities

  • Users (Controllers)
    Users are responsible for:

  • Handling and responding to requests from their own visitors or customers regarding these rights

  • Ensuring their use of Tikly complies with applicable data protection laws

  • Tikly (Processor)
    Tikly will:

  • Provide reasonable assistance to users in fulfilling data subject requests, where technically and legally possible

  • Implement tools and processes that help users manage personal data (e.g., deletion or export features where available)

8. Data Retention

Tikly retains personal data only for as long as necessary to:

  • Provide and maintain the Services

  • Fulfill the purposes described in this DPA

  • Comply with legal, regulatory, or contractual obligations

  • Resolve disputes and enforce agreements

Key points:

  • Data may be retained for different periods depending on:

  • The type of data

  • The user’s account status and settings

  • Legal or regulatory requirements

  • Users may request deletion of data associated with their account, subject to:

  • Applicable legal obligations (e.g., financial record-keeping)

  • Operational requirements (e.g., security logs that must be retained for a defined period)

After the relevant retention period, personal data may be deleted or irreversibly anonymized.

9. Data Transfers

Tikly may process and store personal data in multiple jurisdictions, depending on the locations of its hosting and infrastructure providers.

When personal data is transferred internationally, Tikly:

  • Implements safeguards designed to comply with applicable data protection laws (such as the GDPR)

  • May rely on mechanisms including:

  • Standard Contractual Clauses (SCCs)

  • Adequacy decisions by relevant authorities

  • Other legally recognized transfer tools

These measures aim to ensure that personal data remains protected to a standard consistent with applicable regulations, regardless of where it is processed.

10. Breach Notification

If Tikly becomes aware of a confirmed personal data breach that affects personal data processed on behalf of users, Tikly will:

  • Notify affected users without undue delay after becoming aware of the breach

  • Provide information that is reasonably available at the time, which may include:

  • The nature of the breach

  • The categories and approximate number of data subjects and records affected

  • Likely consequences of the breach

  • Measures taken or proposed to address and mitigate the breach

Users, as Controllers, are responsible for:

  • Assessing whether they must notify affected individuals and/or data protection authorities

  • Fulfilling any such notification obligations under applicable laws

Tikly will cooperate with users, where reasonably possible, to support these obligations.

11. Termination

This DPA remains in effect for as long as Tikly processes personal data on behalf of the user.

Upon termination of the Services:

  • Tikly may delete or anonymize personal data associated with the user’s account in accordance with:

  • This DPA

  • Tikly’s data retention policies

  • Applicable legal requirements

Some data may be retained for a limited period after termination where necessary for:

  • Legal compliance

  • Fraud prevention

  • Dispute resolution

  • Enforcement of agreements

12. Updates to this DPA

Tikly may update this Data Processing Agreement from time to time to reflect:

  • Changes in legal or regulatory requirements

  • Updates to Tikly’s Services, infrastructure, or business operations

  • Improvements in privacy and security practices

When this DPA is updated:

  • The “Effective Date” at the top of the document will be revised

  • Continued use of Tikly’s Services after the updated DPA takes effect constitutes acceptance of the updated terms

Users are encouraged to review this DPA periodically to stay informed about how Tikly processes personal data.

13. Contact

For questions about this Data Processing Agreement or privacy-related matters, you can contact Tikly at: