Data Processing Agreement
Last updated: 29.05.2026
Between Pisteo, an aputoiminimi of Easy Host Oy (Y-tunnus 3288005-7), registered office Helsinki, Finland (the "Processor", "Pisteo") and the Restaurant (the "Controller").
This DPA is entered into under Art 28 GDPR and forms part of the Pisteo Service Terms.
1. Subject matter and scope
Pisteo processes personal data on behalf of the Restaurant in two specific contexts:
- Diner marketing list: when diners opt in to marketing from the specific restaurant via the Pisteo interface.
- Restaurant-controlled diner data accessible via the dashboard: order history with diner email addresses where provided.
For the diner's order and payment relationship itself, Pisteo acts as an independent controller (see our Privacy Policy). This DPA covers only the controller-to-processor relationship for the data sets above.
2. Duration
This DPA applies for as long as Pisteo processes Restaurant-controlled personal data, and survives termination of the Service Terms until all such data is returned or deleted.
3. Nature, purpose, categories, and data subjects
- Nature and purpose: providing the Pisteo platform, including ordering, payment routing, receipts, and marketing email delivery, as instructed by the Restaurant.
- Categories of data: name (optional), email address, order history, marketing consent records.
- Categories of data subjects: diners of the Restaurant.
4. Controller instructions
Pisteo processes Restaurant-controlled personal data only on the Restaurant's documented instructions, including those reflected in the Service Terms, dashboard configuration, and any written instructions sent to [email protected]. Pisteo informs the Restaurant if it believes an instruction breaches GDPR or Finnish data protection law.
5. Confidentiality
Pisteo ensures that persons authorised to process the data are bound by confidentiality, by contract or statute.
6. Security (Art 32)
Pisteo implements appropriate technical and organisational measures, including:
- Encryption in transit (TLS 1.2+) for all diner and restaurant traffic.
- Encryption at rest for databases and object storage (Railway-managed Postgres, Cloudflare R2).
- Access control: role-based access, MFA required for all Pisteo staff with production access.
- Audit logging of administrative actions.
- Regular automated backups, with tested restore.
- Vulnerability monitoring via Sentry and Stripe Radar.
- Secure software development practices, including code review and dependency scanning.
- Incident response plan with named on-call.
Security measures are reviewed at least annually and updated as the platform evolves.
7. Sub-processors
Pisteo uses the following sub-processors. The Restaurant gives general authorisation, with the right to object to changes as set out below.
| Sub-processor | Purpose | Location | Transfer mechanism |
|---|---|---|---|
| Stripe Payments Europe Ltd | Payments, Stripe Connect Express | Ireland (EU) | None needed for EU storage; Stripe's own group transfers are covered by Stripe's SCCs |
| Cloudflare R2 | Menu photo storage | EU region selected; Cloudflare is US-headquartered | EU 2021/914 SCCs Module 2 |
| Railway | Application hosting and managed Postgres | US-headquartered; EU region selected where available | EU 2021/914 SCCs Module 2 |
| Resend | Transactional and restaurant marketing email | US | EU 2021/914 SCCs Module 2 |
| PostHog | Product analytics (restaurant dashboard only, NOT diner app) | EU Cloud option used | None needed (EU hosting); fallback SCCs if changed |
| Sentry | Error monitoring | US (Sentry SaaS) or EU (Sentry self-hosted EU region) | EU 2021/914 SCCs Module 2 if using US |
Pisteo notifies the Restaurant at least 30 days before adding or replacing a sub-processor by updating this page and notifying admin users by email. The Restaurant may object in writing on reasonable data protection grounds. If the parties cannot agree within 30 days, the Restaurant may terminate without penalty.
8. Data subject rights assistance
Pisteo assists the Restaurant in responding to data subject requests (access, rectification, erasure, restriction, portability, objection) by:
- Providing dashboard tools to export, edit, and delete diner records.
- Responding to written assistance requests sent to [email protected] within 10 business days.
9. Breach notification
Pisteo notifies the Restaurant without undue delay and in any case within 24 hours of becoming aware of a personal data breach affecting Restaurant-controlled data. The notification includes:
- Nature of the breach.
- Categories and approximate number of data subjects and records affected.
- Likely consequences.
- Measures taken or proposed.
Pisteo supports the Restaurant in fulfilling its own breach notification obligations to the Tietosuojavaltuutettu and to data subjects.
10. Data protection impact assessments
Pisteo provides reasonable information and assistance for any DPIA the Restaurant undertakes.
11. Audit rights
The Restaurant may audit Pisteo's compliance with this DPA once per year, on 30 days' written notice, during business hours, in a manner that does not disrupt Pisteo's operations. Pisteo may satisfy audit requests by providing recent third-party security reports or summary internal audit reports where they cover the questions raised. Audit costs are borne by the Restaurant unless the audit reveals material non-compliance.
12. Return and deletion
On termination of the Service Terms, Pisteo returns or deletes Restaurant-controlled personal data within the timelines set out in the Service Terms (Section 11), except where Pisteo is required by Union or Member State law to retain it.
13. Liability and governing law
Liability under this DPA is subject to the Service Terms. This DPA is governed by Finnish law. Disputes are resolved in the Helsinki District Court.
Contact
Pisteo, an aputoiminimi of Easy Host Oy (Y-tunnus 3288005-7), Helsinki, Finland. Data protection queries: [email protected].