EnterpriseUniversities
Sign In
TeamCraft LogoTeamCraft
  • Home
  • How it works?
  • Why Us
  • Customers
  • Pricing
  • Blogs
  • Contact
Data Processing AgreementDPAMaster Service AgreementMSASub-processor ListSub

Data Processing Agreement

Version 1.0 β€” July 13, 2026

This Data Processing Agreement (“DPA”) forms part of the Master Service Agreement or other written agreement between Archi’s Inc., doing business as TeamCraft (“TeamCraft”), and the Business Customer identified in the applicable Order Form (together with the Master Service Agreement, the “Agreement”), and applies to the extent TeamCraft processes personal data on behalf of Business Customer in connection with the Service. Capitalized terms not defined in this DPA have the meaning given in TeamCraft’s Terms of Service or the Agreement.

1. Introduction

This DPA forms part of the Master Service Agreement or other written agreement between Archi’s Inc., doing business as TeamCraft (“TeamCraft”), and the Business Customer identified in the applicable Order Form (together with the Master Service Agreement, the “Agreement”), and applies to the extent TeamCraft processes personal data on behalf of Business Customer in connection with the Service. Capitalized terms not defined in this DPA have the meaning given in TeamCraft’s Terms of Service or the Agreement.

2. Roles of the Parties

For personal data of Candidates and other individuals submitted to the Service by or on behalf of Business Customer (“Customer Data”), Business Customer is the controller (or “business” under the CCPA) and TeamCraft is the processor (or “service provider”). Where Business Customer is itself a processor acting on behalf of a further controller, Business Customer warrants it has obtained all necessary authorizations for TeamCraft’s processing under this DPA.

This DPA governs Customer Data only. It does not apply to data for which TeamCraft is the controller under its Privacy Policy — for example, data collected from website Visitors, or aggregated/de-identified data TeamCraft uses to improve AI Features as described in Section 5.3 of the Privacy Policy.

3. Scope and Instructions

TeamCraft will process Customer Data only: (a) to provide the Service in accordance with the Agreement; (b) in accordance with Business Customer’s documented instructions, including those given through Business Customer’s configuration of the Service; or (c) as required by applicable law, in which case TeamCraft will, where legally permitted, notify Business Customer before processing.

Schedule 1 (Details of Processing) describes the subject matter, duration, nature, and purpose of processing, the categories of data subjects, and the types of personal data processed.

4. Confidentiality

TeamCraft will ensure that personnel authorized to process Customer Data are subject to a binding written confidentiality obligation.

5. Security Measures

TeamCraft will implement appropriate technical and organizational measures designed to protect Customer Data against unauthorized or unlawful processing and against accidental loss, destruction, or damage, consistent with the safeguards described in Section 10 of TeamCraft’s Privacy Policy, as further detailed in TeamCraft’s Technical and Organizational Measures documentation.

6. Sub-processors

Business Customer provides general authorization for TeamCraft to engage Sub-processors to assist in providing the Service, subject to the terms of this Section. TeamCraft’s current Sub-processor List is available at jointeamcraft.com/subprocessors. TeamCraft will:

• Impose data protection obligations on each Sub-processor no less protective than those in this DPA;
• Remain liable to Business Customer for a Sub-processor’s acts and omissions to the same extent TeamCraft would be liable if performing the services itself;
• Provide notice of a new Sub-processor by updating the Sub-processor List and, where Business Customer has subscribed to notifications, by email at least 30 days before the new Sub-processor begins processing Customer Data.

If Business Customer reasonably objects to a new Sub-processor on data-protection grounds within 30 days of notice, the parties will work in good faith to resolve the objection; if unresolved, Business Customer may terminate the affected Service as its exclusive remedy.

7. Data Subject Rights

Taking into account the nature of the processing, TeamCraft will provide reasonable assistance to Business Customer, through the Service or otherwise, to respond to requests from Candidates or other data subjects to exercise their rights under applicable Data Protection Laws. Consistent with Section 8.1 of TeamCraft’s Privacy Policy, if TeamCraft receives such a request directly from a Candidate regarding Customer Data, TeamCraft will direct the Candidate to Business Customer and will forward the request to Business Customer without undue delay.

7.1 AI Features and Automated Decision-Making

Where Business Customer enables AI Features for an assessment, Business Customer acknowledges — consistent with Sections 3.2 and 3.3 of TeamCraft’s Terms of Service and Section 5 of TeamCraft’s Privacy Policy — that TeamCraft provides Output to support, and does not replace, Business Customer’s own evaluation and hiring or admissions process. Business Customer is solely responsible for: (a) providing any notice to, or obtaining any consent from, Candidates required by applicable law in connection with its use of AI Features and Output, including any law governing automated employment decision-making or algorithmic accountability in Business Customer’s jurisdiction; and (b) responding to any Candidate request to contest a decision based on such processing. TeamCraft will provide reasonably available technical information about a given AI Feature to support Business Customer’s compliance, subject to TeamCraft’s ability to do so without disclosing proprietary technology or trade secrets, consistent with Section 3.2(v) of the Terms of Service.

8. Personal Data Breach Notification

TeamCraft will notify Business Customer without undue delay, and in any event within 72 hours, after becoming aware of a confirmed personal data breach affecting Customer Data, and will provide reasonably available information to help Business Customer meet its own notification obligations under applicable Data Protection Laws.

9. International Data Transfers

TeamCraft operates the Service from the United States and, as disclosed in Section 7 of TeamCraft’s Privacy Policy, works with personnel and partners in Türkiye. Where Customer Data originates in a jurisdiction whose Data Protection Laws restrict cross-border transfer, the parties will rely on a valid transfer mechanism recognized under those laws, as set out in Schedule 2.

10. Audits

TeamCraft will make available to Business Customer information reasonably necessary to demonstrate compliance with this DPA, including relevant certifications or audit summaries if obtained. Upon at least 30 days’ prior written notice, and no more than once per year (except following a confirmed security incident or if required by a supervisory authority), Business Customer or its appointed auditor may audit TeamCraft’s relevant policies and records, at Business Customer’s sole expense, subject to confidentiality obligations and reasonable scheduling to avoid disruption to TeamCraft’s other Business Customers. The parties will mutually agree in advance on the scope, start date, and duration of any audit.

11. Deletion or Return of Data

On termination or expiration of the Agreement, TeamCraft will, at Business Customer’s choice, delete or return all Customer Data within 30 days, except to the extent applicable law requires continued retention, consistent with Section 9 of TeamCraft’s Privacy Policy. If Business Customer does not specify a choice within 30 days of termination, TeamCraft will delete Customer Data in accordance with its standard retention procedures.

12. Liability

Each party’s liability arising out of or in connection with this DPA is subject to the limitations of liability set out in the Agreement, except to the extent applicable Data Protection Laws prohibit such limitation.

13. Governing Law

This DPA is governed by the laws of the State of Delaware, consistent with Section 13 of TeamCraft’s Terms of Service and the governing law provision of the Agreement, without prejudice to any mandatory data-protection law requiring a different law or forum for specific provisions of this DPA (such as the Standard Contractual Clauses, which are governed by the law specified therein).

Schedule 1: Details of Processing

Subject matter: Provision of the TeamCraft hackathon-based technical assessment platform.

Duration: For the term of the Agreement, plus any period specified in Section 11.

Categories of data subjects: Candidates invited to assessments; Business Customer’s authorized users.

Categories of personal data: Contact and identity information; Submissions, Results, and Output; usage/log data; and, only where a Business Customer enables the applicable Candidate Feature and the Candidate separately consents, webcam images or facial data for identity or integrity verification (see Section 2.4 of the Privacy Policy).

Special categories of data: None are intentionally collected except the biometric/facial data described above, which is collected only with separate Candidate consent. Business Customer must not otherwise submit special categories of personal data through the Service absent a separate written agreement.

Nature of processing: Hosting, storage, scoring, AI-assisted analysis, and reporting of Candidate assessment data.

Purpose of processing: To provide the Service as described in the Agreement.

Schedule 2: International Transfer Details

TeamCraft operates the Service from, and stores Customer Data in, the United States, and works with personnel and collaborators in the Republic of Türkiye, as disclosed in Section 7 of TeamCraft’s Privacy Policy. Where Customer Data originates in the Republic of Türkiye, cross-border transfer to TeamCraft in the United States is subject to Article 9 of the Turkish Personal Data Protection Law No. 6698 (KVKK), and the parties will rely on an appropriate transfer mechanism recognized thereunder — such as the standard contract published by the Turkish Personal Data Protection Board, undertakings approved by the Board, or the data subject’s explicit consent — as applicable to the transfer. Where Customer Data originates in any other jurisdiction whose Data Protection Laws restrict cross-border transfer, the parties will rely on a valid transfer mechanism recognized under those laws, documented in an addendum to this DPA where required.
TeamCraft LogoTeamCraft

Real-world digital hackathons for technical hiring.

How it works?PricingTraditional Hiring
BlogsSample ReportUniversities
PartnershipsCustomersContactWhy Us
Data Processing AgreementMaster Service AgreementSub-processors

Contacts

[email protected]+1 217 200 9093

All rights reserved Archis, Inc DBA TeamCraft

Terms of ServicePrivacy Policy