Tellagen

Data Processing Agreement

Last updated: 27 February 2026

1. Parties

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between:

  • Processor: Rabrat OÜ, trading as Tellagen (registry code 12734598), Republic of Estonia (“Tellagen”).
  • Controller: the organisation that creates a Tellagen workspace (“Customer”).

2. Subject matter and duration

Tellagen processes personal data on behalf of the Customer to provide the Tellagen incident management and shift workspace platform (the “Service”). This DPA applies for the duration of the Customer’s use of the Service and until all personal data is returned or deleted in accordance with Section 11.

3. Nature and purpose of processing

Tellagen processes personal data only to deliver, secure, and support the Service under documented Customer instructions. This includes incident coordination, timeline and shift collaboration, identity/session management, customer-enabled integrations, and optional AI-powered features when enabled.

4. Types of personal data

  • User profile data (for example name, email, avatar).
  • Incident and operational records (for example events, tasks, messages, workstreams, resources, custom fields).
  • Customer-provided integration metadata and configuration.
  • Security and audit data (for example IP and request logs).

5. Categories of data subjects

Data subjects include the Customer’s employees, contractors, agents, and end users whose data is submitted to the Service by or on behalf of the Customer.

6. Obligations of the Processor

Tellagen shall:

  1. Process personal data only on documented instructions from the Customer, unless required by applicable law.
  2. Ensure personnel authorized to process personal data are subject to confidentiality obligations.
  3. Implement appropriate technical and organizational measures in line with GDPR Article 32.
  4. Engage subprocessors only under written terms that impose substantially equivalent data protection obligations.
  5. Assist the Customer with data subject rights requests as required by GDPR Chapter III.
  6. Assist the Customer with security, breach response, DPIAs, and prior consultation obligations where required.
  7. Return or delete Customer personal data upon termination, subject to legal retention requirements.
  8. Provide information reasonably necessary to demonstrate compliance with this DPA.

7. Obligations of the Controller

The Customer shall:

  1. Ensure it has a valid legal basis for all instructions and personal data provided to Tellagen.
  2. Ensure transparency and lawful handling of Customer-directed integrations.
  3. Provide and maintain documented processing instructions.

8. Data breach notification

Tellagen will notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer Data and provide information reasonably necessary for the Customer to meet legal notification obligations.

9. Sub-processors and integrations

The Customer grants general authorization for Tellagen to engage subprocessors needed to deliver the Service, provided that Tellagen maintains this list and notifies Customers of material changes with an opportunity to object:

Customer-directed integrations (for example Slack, Google Meet, Intercom, PagerDuty, Opsgenie, Rootly, Stripe, Recurly, and customer-configured resolver endpoints) are enabled at the Customer’s direction and are governed by the Customer’s relationship with those providers.

10. International data transfers

Where personal data is transferred outside the EEA/UK, Tellagen will apply appropriate safeguards as required by applicable law, such as Standard Contractual Clauses.

11. Data return and deletion

Upon termination, the Customer may request return or deletion of Customer Data. Unless legally required otherwise, Tellagen will complete deletion within a reasonable period, including backup lifecycle deletion according to backup rotation.

12. Audit and compliance evidence

On reasonable written request, Tellagen will provide available documentation needed to demonstrate compliance with this DPA and may support proportionate audit requests subject to confidentiality and security safeguards.

13. Liability

Each party’s liability under this DPA is subject to the liability terms in the Terms of Service, unless mandatory law requires otherwise.

14. Governing law

This DPA is governed by the laws of the Republic of Estonia. Any disputes shall be resolved in the courts of Harju County, Estonia.

15. Contact

For questions about this DPA, contact [email protected].

Rabrat OÜ
Registry code: 12734598
Republic of Estonia

See also our Privacy Policy, Terms of Service, and Sub-processor List.