Data Processing Addendum

Effective date: May 18, 2026.

Provider: OniLink UG (haftungsbeschränkt), Nikopoler Str. 35, 01619 Zeithain, Germany.

This Data Processing Addendum applies when a customer uses Tsumu to process personal data in customer-uploaded workspace, source, notebook, or chat content and the customer acts as controller for that personal data.

This Data Processing Addendum forms part of the Tsumu Terms for the processing it covers.

German statutory reference materials are provided because the operator is currently established in Germany. They do not mean that Tsumu targets, solicits, or markets to consumers habitually resident in Germany.

Questions about this Data Processing Addendum can be sent to support@tsumuapp.com.

OniLink UG (haftungsbeschränkt) is controller for account data, billing data, support records, security records, usage and entitlement records, moderation records, and product-operation records.

OniLink UG (haftungsbeschränkt) is processor only for customer-uploaded workspace, source, notebook, and chat content to the extent the customer controls the personal data inside that content and Tsumu processes it to provide the service.

If customer content does not contain personal data controlled by the customer, this Data Processing Addendum does not create processor obligations for that content.

The subject matter is Tsumu's hosting, storage, indexing, source processing, AI-assisted retrieval, AI-assisted generation, export, deletion, and support of customer content.

Processing lasts for the period the customer uses Tsumu, keeps the relevant content in Tsumu, or needs Tsumu to assist with deletion, export, support, security, or legal obligations.

After a confirmed valid deletion request, Tsumu removes processor content from active systems immediately where the relevant product control or accepted support instruction applies.

Supabase database backups may retain deleted processor content for up to 7 days before automatic expiry.

Tsumu may keep limited internal process receipts and controller records for account, billing, support, deletion, export, security, legal, and entitlement actions as described in the Privacy Policy, but those records remain separate from returned or deleted processor content.

Provider retention windows may also apply to AI API abuse monitoring, hosting or runtime logs, email delivery records, payment records, support correspondence, backups, and security or audit logs under provider terms and active account settings.

Tsumu processes customer content to provide project memory features, including workspace organization, source import, notebook storage, chat storage, source lookup, generated project context, decisions, follow-ups, review items, chat-to-memory extraction, memory refresh, limited upgrade-triggered reprocessing or review of eligible sources and chats, background project-memory consolidation for eligible plans, clean project-memory export, account export, deletion, support, security, abuse prevention, and troubleshooting.

Tsumu does not use processor content for model training, ad targeting, or unrelated product analytics.

Tsumu does not intentionally opt processor content into AI-provider model training. AI-provider abuse monitoring, safety, security, debugging, support, legal, or service-retention logs may still apply under provider terms and configured account settings.

Tsumu does not process processor content for cross-context behavioral advertising or sell customer workspace data.

Tsumu does not use customer workspace content to make solely automated decisions with legal or similarly significant effects about people.

Customer content may include names, contact details, work information, meeting notes, interview notes, customer feedback, project notes, source documents, notebook text, chat messages, and any other personal data the customer chooses to upload or write in Tsumu.

Tsumu may also create derived continuity data from those first-level inputs, including summaries, decisions, follow-up items, review items, memory records extracted from sources or chats, source excerpts, embeddings or processing metadata, model/version metadata, and other service metadata needed to provide continuity features.

Data subjects may include the customer's users, personnel, contractors, clients, customers, prospects, interviewees, meeting participants, collaborators, or other people referenced in customer content.

Customers must not upload, write, import, or generate content containing personal data about other people unless they have consent, authority, or another lawful basis to process that data through Tsumu and its providers.

Customers should not upload passwords, secrets, payment card numbers, government identifiers, regulated health data, children's data, or other highly sensitive material unless they have a clear legal basis and explicit approval to process it through Tsumu and its providers.

The customer's documented instructions are the Tsumu Terms, this Data Processing Addendum, product settings and controls, support requests, deletion or export requests, and other written instructions accepted by Tsumu.

Published privacy, subprocessor, support, and FAQ materials may explain available controls and processing practices, but they do not expand the customer's documented instructions unless incorporated into the Terms, this Data Processing Addendum, product controls, or a written instruction accepted by Tsumu.

Tsumu will process processor content only to provide, secure, support, maintain, troubleshoot, and operate the service, or as required by applicable law.

The customer is responsible for ensuring it has a lawful basis, notices, permissions, and authority needed to upload or process personal data through Tsumu.

If Tsumu believes a customer instruction violates applicable data protection law, Tsumu may pause the instruction and notify the customer where appropriate.

At launch, direct human admin, support, and database access to customer content is limited to the owner/operator of Tsumu.

Before adding personnel or contractors with direct human access to processor content, Tsumu will require appropriate confidentiality obligations.

Tsumu will limit access to processor content to personnel, contractors, and providers who need access for service, support, security, legal, or operational purposes and who are subject to confidentiality obligations.

Tsumu will maintain technical and organizational measures designed to protect processor content, including hosted authentication, access controls, restricted admin credentials, admin/provider account authentication controls, rate limiting, Cloudflare Turnstile security checks where enabled, logging, provider-managed secret storage, and provider-managed infrastructure security.

Tsumu will reasonably assist customers with data subject requests, deletion, export, security, breach response, and compliance information through available product controls and support channels.

Tsumu will reasonably assist with data protection impact assessments and regulator consultation where legally required and directly related to Tsumu's processor role.

Tsumu will notify affected customers without undue delay after becoming aware of a personal data breach involving processor content, where notice is legally required or reasonably needed for the customer to meet its own obligations.

The customer gives general authorization for Tsumu to use subprocessors needed to provide, secure, support, bill, and maintain the service.

The subprocessors page lists production providers, purposes, data categories, and provider legal reference links.

Tsumu requires subprocessors to protect personal data through contract or provider terms appropriate to the processing they perform.

Provider roles may vary by service. Payment, infrastructure, email, and AI providers may process limited account, usage, security, fraud, compliance, or legal-obligation data under their own terms where they act as controller, service provider, or independent provider for those purposes.

Where GDPR transfer rules apply, Tsumu relies on an adequacy decision, Standard Contractual Clauses, or another lawful transfer mechanism.

Subprocessor questions or objections can be sent to support@tsumuapp.com.

Customers may use product controls and support channels to export or delete customer content where available.

On account termination or valid deletion request, Tsumu will delete or return processor content from active systems immediately according to available product controls, accepted support instructions, legal obligations, and operational constraints. Supabase database backups may retain deleted processor content for up to 7 days before automatic expiry.

Tsumu will provide reasonable information needed to demonstrate compliance with this Data Processing Addendum, subject to confidentiality, security, abuse-prevention, and reasonable-scope limits.

Any audit or inspection request must be reasonable, written, limited to processor obligations, and structured to avoid exposing other users' data, security-sensitive details, or provider confidential information.

This Data Processing Addendum does not make the customer controller of Tsumu account data, billing data, support records, security logs, moderation records, usage records, product entitlement records, or legal compliance records.

OniLink UG (haftungsbeschränkt) processes those records as controller as described in the Privacy Policy.

If a separate written agreement conflicts with this Data Processing Addendum, the separate written agreement controls for the customer and processing it expressly covers.