← RosterProject

Data Processing Agreement

This agreement describes how Kindleye Limited processes personal data on your behalf when you use RosterProject. It forms part of the Terms of Service and applies to every customer automatically. Last updated 12 July 2026.

1. Roles

For the purposes of Hong Kong's Personal Data (Privacy) Ordinance (Cap. 486, the "PDPO"), the Customer is the data user of the personal data it puts into its RosterProject workspace, and Kindleye Limited is its data processor: we process that data on the Customer's behalf, only to provide the rostering service. This agreement is the contractual measure contemplated by DPP 4(2) of the PDPO for engaging a data processor.

2. What data we process

The data subjects are the Customer's employees and workspace users.

3. Our commitments

4. Subprocessors

We use the infrastructure providers listed on the Security page (currently Supabase, Vercel, Stripe, and Resend). Each is bound by written terms imposing data-protection obligations no weaker than this agreement. We give 30 days' notice before adding a subprocessor that handles personal data; if the Customer reasonably objects, it may terminate and export its data.

5. Where data is stored

Workspace data is stored on AWS in Singapore (via Supabase). Section 33 of the PDPO (cross-border transfer restrictions) is not yet in operation; we nonetheless contract with our subprocessors so that personal data receives protection substantially similar to the PDPO wherever it is processed.

6. Return and deletion

7. Liability and law

Liability under this agreement is subject to the limitations in the Terms of Service. This agreement is governed by the laws of the Hong Kong Special Administrative Region.

8. Signed copies

This agreement applies automatically to every RosterProject customer. If your procurement process needs a countersigned copy, email support@rosterproject.com and we'll turn it around quickly.