Data Processing Addendum

Last updated May 1, 2026

This Data Processing Addendum (DPA) forms part of the agreement between you (the controller) and BDK Studios LLC, operating Tryizzy (the processor), and describes how we process personal data on your behalf. It applies where data protection laws such as the GDPR or CCPA govern that processing.

Definitions

Terms such as personal data, processing, controller, processor, and data subject have the meanings given in applicable data protection law. Customer Data means personal data we process on your behalf to provide the service.

Roles

For Customer Data, you are the controller and we are the processor. For limited data we collect to operate our own business, such as account contact details and billing, we act as an independent controller under our Privacy Policy.

Scope and purpose of processing

  • Subject matter: provision of bookkeeping, reporting, and tax preparation services.
  • Duration: for the term of your subscription, plus retention periods required by law.
  • Nature and purpose: categorization, reconciliation, reporting, filing, support, and security.
  • Categories of data subjects: you, your team members, and individuals appearing in your financial records.
  • Categories of data: financial transactions, account details, documents, and tax identifiers.

Our obligations

  • Process Customer Data only on your documented instructions, including this DPA and the service itself.
  • Ensure personnel authorized to process the data are bound by confidentiality.
  • Implement appropriate technical and organizational security measures, including encryption in transit and at rest and tenant isolation.
  • Assist you, taking into account the nature of processing, with data subject requests and security obligations.
  • Notify you without undue delay after becoming aware of a personal data breach.

Subprocessors

You authorize us to engage subprocessors to provide the service, including our cloud hosting and database provider, Plaid for bank connections, our payment processor, and analytics providers. We impose data protection obligations on each subprocessor consistent with this DPA and remain responsible for their performance. We will inform you of material changes to our subprocessors and give you a chance to object.

International transfers

Where we transfer personal data across borders, we use a lawful transfer mechanism such as the Standard Contractual Clauses, along with appropriate safeguards.

Data subject rights and assistance

We provide functionality that helps you respond to data subject requests to access, correct, export, or delete personal data. Where you cannot address a request through the service, we will assist you on reasonable request.

Return and deletion

On termination, you may export Customer Data. We delete Customer Data within 30 days of a verified request, except records we are legally required to retain, including tax records retained for 7 years as required by the IRS.

Audits

On reasonable request and subject to confidentiality, we will make available information necessary to demonstrate compliance with this DPA, including summaries of relevant security assessments.

Contact

To enter into this DPA or ask questions, contact privacy@tryizzy.com.