Data Processing Agreement (DPA)

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you (the "Customer" or "Data Controller") and Soliroush LLC (the "Processor"), operating Stixrs (located at stixrs.com).

This DPA governs the processing of personal data by Soliroush LLC on your behalf. By using our services, you agree to the terms of this DPA. If you do not agree, you must cease using the services immediately.

1. Definitions

  • "Data Controller" — you, the Customer, who determines the purposes and means of processing Personal Data
  • "Data Processor" — Soliroush LLC, which processes Personal Data on behalf of the Controller solely for the purpose of providing the Services
  • "Personal Data" — any information relating to an identified or identifiable natural person, processed by the Processor on behalf of the Controller
  • "Processing" — any operation performed on Personal Data, including collection, recording, storage, retrieval, transmission, or deletion
  • "Sub-processor" — any third party engaged by Soliroush LLC to assist in processing Personal Data in connection with delivering the Services
  • "Data Subject" — the natural person to whom Personal Data relates (e.g., a tenant applicant, event guest, or end user)

2. Scope and Nature of Processing

Soliroush LLC provides international cellular connectivity and eSIM provisioning services (Stixrs). Processing under this DPA is limited strictly to what is necessary to deliver these services, such as provisioning eSIM profiles, managing data consumption, and facilitating account login.

  • We will process Personal Data only as necessary to perform the Services and strictly in accordance with your documented instructions
  • The categories and types of Personal Data processed are determined entirely by you as the Controller (e.g., tenant application details, guest email addresses, document text)
  • The duration of processing corresponds to the term of your active subscription and applicable data retention obligations

3. Controller Obligations and Sole Liability

As the Data Controller, you are solely responsible and liable for the legality, accuracy, and quality of the Personal Data you submit to our systems.

  • You warrant that you have obtained all necessary consents, legal bases, and authorizations required under applicable data protection laws (including GDPR and CCPA) to collect, transfer, and process the Personal Data through our platform
  • You agree not to submit unlawfully obtained data, illegally intercepted communications, or specially regulated categories of data (e.g., health data, financial account credentials, government-issued ID numbers) without executing appropriate additional legal agreements
  • Soliroush LLC is indemnified against any fines, claims, or damages arising from your failure to secure the proper legal basis for the data you input into our systems

4. Processor Obligations

As the Data Processor, Soliroush LLC agrees to:

  • Process Personal Data only on your documented instructions, and promptly inform you if an instruction would violate applicable law
  • Ensure all authorized personnel who access Personal Data are bound by enforceable confidentiality obligations
  • Not sell, retain, use, or disclose Personal Data for any purpose other than providing the Services you have contracted for
  • Assist you, to the extent reasonably possible, in responding to Data Subject rights requests (access, erasure, portability, etc.)
  • Notify you without undue delay (and no later than 72 hours) upon becoming aware of a Personal Data breach affecting your data
  • Make available to you all information necessary to demonstrate compliance with this DPA

5. Security Measures

Soliroush LLC implements appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, but are not limited to:

  • Encryption of data in transit (TLS 1.2+) and at rest
  • Role-based access controls and least-privilege principles
  • Firebase App Check enforcement to prevent unauthorized API access
  • Regular security reviews, access audits, and vulnerability management
  • Incident response and breach notification procedures

6. Sub-processing

You provide general authorization for Soliroush LLC to engage Sub-processors to assist in delivering the Services. Current sub-processors include cloud infrastructure providers (Google Cloud Platform, Firebase) and database services (Neon Serverless PostgreSQL).

We will:

  • Ensure all Sub-processors are bound by data protection obligations equivalent to those in this DPA
  • Maintain an updated list of Sub-processors, available to you upon request
  • Notify you of any intended addition or replacement of Sub-processors with reasonable advance notice, giving you the opportunity to object

7. Data Subject Rights

If a Data Subject (e.g., a tenant, event guest, or end user) contacts Soliroush LLC directly to exercise a privacy right (access, erasure, portability, etc.), we will:

  • Promptly notify you of the request
  • Provide reasonable technical assistance to help you fulfill your legal obligations

You, as the Controller, are solely responsible for responding to Data Subject requests within the timeframes required by applicable law.

8. International Data Transfers

Where Personal Data is transferred outside the EEA or UK, Soliroush LLC will ensure such transfers are conducted under a valid legal mechanism (e.g., EU Standard Contractual Clauses, adequacy decisions, or equivalent frameworks), providing an equivalent level of protection.

9. Deletion or Return of Data

Upon termination or expiration of your subscription:

  • Soliroush LLC will, at your written request, delete or return all Personal Data within 30 days
  • Residual copies will be deleted from backup systems within the applicable backup retention window
  • We may retain data for longer only where required by applicable law, and only to the extent and for the duration required

10. Audit Rights

You may, upon reasonable written notice (at least 30 days), conduct or commission an audit of Soliroush LLC's data processing practices as they relate to your data, subject to reasonable confidentiality obligations. Audits shall be conducted during normal business hours and in a manner that minimizes disruption to our operations.

11. Contact Us

For questions regarding this Data Processing Agreement or to exercise your rights under it:

Contact Form