Legal

Primary documents

• Terms of Service

  The contract between Crossdeck and the developer who signs up. License grant, fees, service availability, intellectual property, term + termination, governing law.

• Privacy Policy

  What personal data Crossdeck collects, why, on what lawful basis, how long we keep it, and the rights you have over it. Strictest regime (GDPR / UK GDPR) as the floor.

• Data Processing Addendum (DPA)

  The processor-side contract that governs Crossdeck's processing of personal data on behalf of our Customers. EU SCCs (Module 2) + UK IDTA + Swiss adaptation incorporated by reference. 24-hour breach SLA, 30-day sub-processor notice, SOC 2 audit-rights substitute.

• Acceptable Use Policy

  Specific, enforceable restrictions on PII flooding, payment data, child data, health data, surveillance, source-of-truth misuse, and competitive reverse-engineering of the contracts/ directory.

• Sub-processor list

  Every third party that processes personal data on Crossdeck's behalf, what each one does, what data flows where, and how to subscribe to advance notice of changes (30 days before any addition).

• Security Overview

  Encryption algorithms named (AES-256, TLS 1.2+ / 1.3 preferred), incident response SLA named (24h / 72h / 14d), publicly committed SOC 2 Type II roadmap (audit Q1 2027, report Q3 2027).

Transparency & developer-facing

• SDK Data Collection Reference

  The exhaustive per-platform, per-event breakdown of what the Crossdeck SDK captures. The one-page reference your privacy team needs to sign off without a follow-up questionnaire.

• Customer Disclosure Template

  Pre-vetted language Crossdeck customers can paste into their own privacy policy to disclose us as a processor (and, separately, as an independent controller for SDK diagnostic telemetry).

• Cookie Policy

  The cookies and similar storage technologies cross-deck.com sets in your browser, why each one exists, how long it lives, and how to disable them.

Publication status

Terms, Privacy, AUP, Sub-processors, Security, SDK Data Reference, Customer Disclosure Template, and Cookie Policy are published in their v1.0 form on the Effective Date. They are ship-ready bank-grade drafts, and they will be reviewed by outside counsel as part of the broader legal-readiness work that precedes our enterprise launch.

The DPA is published as a v1.0 draft pending lawyer review. The DPA is the document that procurement counsel scrutinises most closely; we engage outside counsel to polish the four high-stakes documents (Terms, Privacy, DPA, AUP) before the v1.1 release. Customers signing today can do so on the v1.0 terms; the v1.1 release will be opt-in for existing Customers with the standard 30-day amendment notice.

Contact

• Privacy & data subject rights: [email protected]
• Security disclosures: [email protected]
• Acceptable-use violations: [email protected]
• Legal & contract negotiation: [email protected]
• Support & sales: [email protected]

Entity

VistaApps (Pty) Ltd, a private company incorporated in South Africa, trading as "Crossdeck." A reorganization to a Delaware (United States) parent holding company with VistaApps (Pty) Ltd as its operating subsidiary is in progress; on completion, the document set will be amended to reflect the change with the procedural protections set out in the Terms §1.2 and §17.1.