Last updated: 29 June 2026
Contact: [email protected]
This Data Processing Agreement is an informational draft describing how Akeye intends to handle personal data when it processes data on behalf of an organization using the Akeye platform.
Akeye is currently a project in an early commercial and product validation phase and is not yet presented here as a registered legal entity. When Akeye is provided under a formal company, subscription or signed agreement, this draft may be replaced or supplemented by a formal Data Processing Agreement signed or accepted by the organization.
1. Purpose
The purpose of this document is to describe the expected data protection roles, responsibilities and safeguards for the use of Akeye as a B2B software platform.
2. Roles
For personal data entered into Akeye by an organization:
- the organization is normally the Controller;
- Akeye acts as the Processor;
- the individuals whose data is entered are Data Subjects.
The organization determines why and how personal data is processed. Akeye processes such data only to provide, host, support, secure and maintain the platform, or according to the organization's instructions.
3. Subject matter and duration
The subject matter is the provision of the Akeye software platform and related hosting, support, maintenance, security, communication and operational services.
The duration is the period during which the organization uses Akeye and any additional period required for export, deletion, backup lifecycle, troubleshooting or legal retention.
4. Nature and purpose of processing
Akeye may process organization data to:
- host and store data;
- enable authorized users to use the platform;
- manage users, roles, units, activities, reservations, tasks, messages and files;
- send service-related notifications;
- provide support and troubleshooting;
- create logs and backups;
- maintain security and prevent misuse;
- comply with documented instructions or legal requirements.
Processing may include collection, recording, organization, storage, retrieval, consultation, use, transmission, restriction, deletion and destruction.
5. Categories of data subjects
Personal data may relate to organization administrators, staff, users, members, athletes, children, parents, guardians, guests, tenants, customers, suppliers, partners and other persons entered by the organization.
6. Categories of personal data
Depending on how the organization uses Akeye, data may include:
- identification data;
- contact data;
- account, role and permission data;
- relationship data;
- organization, unit, team, facility, room, vehicle or property data;
- activity, reservation, task, training, service and maintenance data;
- notes, messages, files and attachments;
- attendance, score, progress or status data;
- technical, log and audit data;
- health or medical information, only if the organization chooses to enter it.
The organization is responsible for ensuring that it has a valid legal basis for all data entered into Akeye, including any special categories of personal data.
7. Organization obligations
The organization should:
- process personal data lawfully, fairly and transparently;
- inform individuals about the use of Akeye where required;
- define the legal basis for processing;
- ensure that data entered into Akeye is accurate and necessary;
- manage user access, roles and permissions;
- respond to data subject requests;
- notify Akeye of instructions related to deletion, export or restriction where needed;
- avoid entering sensitive data unless it has a valid legal basis and appropriate safeguards.
8. Akeye obligations
Akeye should:
- process organization data only for the purpose of providing and securing the platform or according to documented instructions;
- keep personal data confidential;
- use appropriate technical and organizational security measures;
- assist the organization with data subject requests where reasonably possible;
- notify the organization without undue delay after becoming aware of a personal data breach affecting organization data;
- use sub-processors only where needed for the service and with appropriate safeguards;
- delete or return data at the end of the service where technically feasible and legally permitted.
9. Security measures
Akeye may use measures such as:
- role-based access control;
- authentication and password protection;
- encrypted transport;
- least-privilege access;
- logical separation between organizations;
- logging and monitoring;
- backups;
- incident response procedures;
- secure development practices;
- provider-level infrastructure security.
Security measures may evolve as the platform develops.
10. Sub-processors
Akeye may use trusted sub-processors for hosting, infrastructure, DNS, security, email delivery, monitoring, support or similar technical services.
Current or planned providers may include Microsoft Azure, Cloudflare and Resend. The list may change as the platform develops. Akeye should ensure that sub-processors are subject to appropriate confidentiality, security and data protection obligations.
11. Data subject requests
If Akeye receives a request from an individual relating to data entered by an organization, Akeye will normally direct the individual to the organization or notify the organization where appropriate.
Akeye will not independently decide how to respond to such requests unless required by law or instructed by the organization.
12. Personal data breaches
If Akeye becomes aware of a personal data breach affecting organization data, Akeye should notify the affected organization without undue delay and provide reasonably available information to help the organization meet its legal obligations.
13. Return and deletion
At the end of use, organization data may be exported or deleted according to the organization's instructions, technical feasibility and any applicable agreement. Backup copies may remain for a limited period according to normal backup cycles and will remain protected until deletion.
14. International transfers
Where possible, data should be processed in the EU/EEA. If data is transferred outside the EU/EEA, appropriate safeguards should be used, such as adequacy decisions, Standard Contractual Clauses or other lawful transfer mechanisms.
15. Annex — Processing details
| Item | Description |
|---|---|
| Subject matter | Provision of the Akeye B2B software platform and related services. |
| Duration | Period of use plus export, deletion, backup and legal retention periods. |
| Nature | Hosting, storage, retrieval, organization, transmission, support, backup, logging and deletion. |
| Purpose | Providing the platform to the organization and its authorized users. |
| Data subjects | Staff, users, members, athletes, parents, guardians, guests, tenants, customers, suppliers and other persons entered by the organization. |
| Data categories | Identification, contact, account, relationship, operational, communication, technical and, where entered by the organization, health or other sensitive data. |