This page summarizes the PointMintz DPA tenants can attach to their subscription agreement when they act as controller and PointMintz acts as processor for customer, staff, booking, payment, and communication data.
The tenant business is the controller for customer booking data. PointMintz processes that data only to provide booking, scheduling, customer-management, communications, payments, reporting, and support services configured by the tenant.
Email privacy@pointmintz.com with your tenant legal name, billing email, business address, and the jurisdictions you serve. We return the tenant-specific DPA package for review and signature.
| Area | Current commitment | Evidence / location |
|---|---|---|
| Data subject requests | Access, correction, export, restriction, deletion, and portability are supported through My Account and privacy request intake. | Privacy request form; customer My Account privacy panel. |
| Sub-processors | Material changes receive 30 days notice by admin notification and billing-contact email. | Current sub-processor list. |
| International transfers | EEA/UK/Swiss transfers use SCCs, UK IDTA, and supplementary technical measures. | DPA template, SCC template, IDTA template, and transfer impact assessment. |
| Deletion and retention | Verified erasure queues anonymization and backup purge while preserving disclosed audit-log exceptions. | GDPR rights and retention notice. |
| Security controls | TLS, per-tenant isolation, RBAC, MFA support, audit logging, backup controls, incident response, and least-privilege operations. | Security overview and tenant compliance dashboard. |
Tenant admins can review compliance posture in Admin > Compliance Dashboard, including DPA, PCI, HIPAA safeguards, licenses, insurance, audit reminders, and privacy request handling.
Readiness materials are wired and available. Formal legal acceptance remains a founder/counsel action before using a tenant-specific DPA for a paying customer.