Data Processing Agreement

YourSky.blue logo

This Agreement was last revised on September 14, 2025 and replaces all previous versions.

Preamble

This Data Processing Agreement (“Agreement”) forms part of the YourSky.blue Terms of Service available at https://yoursky.blue/legal/software-as-a-service-agreement or any other SaaS Subscription Agreement entered into between the Customer and YourSky.blue LLC (the “Principal Agreement”).

It applies automatically and without signature to all Customers who subscribe to and use the Services.

This DPA reflects current practices. Should any changes occur, such as new data transfers or addition of sub-processors, Customers will be notified and provided with relevant details.

1. Roles of the Parties

The Customer acts as the Data Controller.

YourSky.blue LLC acts as the Data Processor.

Both Parties shall comply with the General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP), and other applicable laws.

2. Subject Matter

This Agreement governs the processing of Personal Data that Customers upload, store, or otherwise make available when using YourSky.blue SaaS services.

3. Categories of Data

Depending on Customer use, the Processor may process:

  • User credentials (names, emails, login data),
  • Project/application data,
  • Technical logs and usage metadata,
  • Billing details (if provided).

The Processor does not use Customer Data (as defined herein) for its own purposes, except where required to comply with billing, payment, accounting, tax, or other legal obligations as an independent Controller.

4. Sub-Processors

YourSky.blue engages trusted third-party sub-processors to support the provision of its SaaS services.

The current and authoritative list of sub-processors is maintained on the dedicated Sub-Processors page: https://yoursky.blue/legal/subprocessors

By subscribing to the Services, Customers acknowledge and agree that:

  • Sub-processors may change from time to time.
  • YourSky.blue will provide notice of any new sub-processors by updating the Sub-Processors page.
  • Customers have 14 calendar days to raise any objection in writing to the Processor.
  • Only sub-processors with access to Customer Personal Data are listed; monitoring or infrastructure services without access to Personal Data are not included.

5. Security Measures

YourSky.blue implements appropriate technical and organizational measures, taking into account the nature of the processing and associated risks, including:

  • Data encryption at rest and in transit,
  • Access controls and authentication,
  • Logging and monitoring,
  • Backups and recovery procedures,
  • Hosting of business data primarily in Switzerland; administrative or billing data may be processed in EU/global locations under appropriate safeguards.

6. Data Subject Rights

YourSky.blue assists Customers in handling data subject requests (access, correction, deletion, portability), to the extent reasonably possible.

  • Customers may submit requests via email or support portal.
  • Requests will be addressed within 30 days where reasonably feasible.
  • Fees may apply only for excessive or manifestly unfounded requests.

7. Data Breach

YourSky.blue will notify Customers without undue delay and within 72 hours after becoming aware of a Personal Data Breach affecting Customer Personal Data.

8. Data Transfers

Business data stored in the SaaS service is processed exclusively in Switzerland.

Should Customer Personal Data be transferred outside Switzerland or the European Economic Area (EEA) in the future, YourSky.blue will ensure that appropriate safeguards are in place, such as EU-approved Standard Contractual Clauses (SCCs), or obtain explicit Customer consent before any transfer.

9. Data Retention and Deletion

Upon subscription termination, Customer data will be disabled.

Data is retained for 7 days (“redemption period”), after which it is permanently deleted unless recovery is requested (CHF 250 fee).

Legally required records (e.g., invoices) are retained for 10 years.

10. Audit Rights

YourSky.blue shall make available information reasonably necessary to demonstrate compliance with this Agreement and applicable Data Protection Laws.

Disclosure of information may be subject to a confidentiality agreement (NDA) and operational constraints.

On-site audits are only permitted where required by law.

11. Confidentiality

Both Parties shall keep all data and related information strictly confidential, unless disclosure is required by law.

12. Governing Law

This Agreement is governed by the laws of Switzerland.

Place of jurisdiction: Conthey, Switzerland.

Final Provisions

By subscribing to and using the Services, the Customer accepts and is bound by this Data Processing Agreement.