Data processing

You are the data controller for any personal data your customers send into your workspace. Tixallo is the processor for that data, and a controller for limited account / billing / telemetry data described in the privacy policy.

Customer names and email addresses, ticket subject and body content, attachments, internal notes, KB content you publish, and the metadata Tixallo generates (assignments, tags, status changes, timestamps).

We use a small number of sub-processors strictly to deliver the service: managed cloud hosting (database, object storage, edge functions), transactional email delivery, and payments. Each is bound by a written agreement with confidentiality and data-protection terms at least as protective as ours.

The current named list is available on request. If we add or replace a sub-processor that materially affects your data handling, we'll update this page and, where appropriate, notify workspace owners by email.

Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards (such as the EU Standard Contractual Clauses and the UK International Data Transfer Addendum). We can describe the transfer mechanisms in our DPA.

We retain workspace data for the life of the workspace. After a workspace is closed we hold backups for a limited rolling window for disaster-recovery purposes, then delete. You can export or request deletion of individual customer records at any time from your workspace.

Encryption in transit (TLS) and at rest, role-based access, audit logging and 2FA on agent accounts. The full overview lives on the security page, including the certifications we have NOT yet earned.

We can provide a signed DPA on request. Get in touch via the contact page with your legal entity name and we'll send our template — typically a same-week turnaround.

If a customer in your workspace exercises their rights (access, correction, deletion, portability), you can action most requests directly from the workspace. For requests we need to handle on our side, contact us via the contact page.