Data Processing Agreement
Last Updated: May 19, 2026
Using This DPA
This Data Processing Agreement (“DPA”) has 2 parts: (1) the Key Terms below and (2) the Common Paper DPA Standard Terms Version 1.1 posted at http://commonpaper.com/standards/data-processing-agreement/1.1/ (“DPA Standard Terms”), which is incorporated by reference. If there is any inconsistency between the parts of the DPA, the Key Terms will control over the DPA Standard Terms. Capitalized and highlighted words have the meanings given on this page. However, if this page omits or does not define a highlighted word, the default meaning will be “none” or “not applicable” and the correlating clause, sentence, or section does not apply to this DPA. All other capitalized words have the meanings given in the DPA Standard Terms or the Agreement.
Acceptance
By executing the Agreement (whether by signing an Order Form, accepting click-through Terms of Service, or otherwise proceeding through Camino’s sign-up or subscription flow), Customer agrees to be bound by this DPA. This DPA is deemed executed and effective as of the effective date of the Agreement between the parties, without the need for separate signature. Provider has executed this DPA on behalf of itself and its Affiliates as of the Last Updated date above.
Key Terms
Agreement
This DPA supplements the Camino Solutions, Inc. Terms of Service available at https://joincamino.com/terms-of-service (the “Agreement”), as accepted by Customer.
Approved Subprocessors
List of Subprocessors available at https://joincamino.com/subprocessors.
Provider Security Contact
privacy@joincamino.com.
Security Policy
Provider will use commercially reasonable efforts to secure the Service from unauthorized access, alteration, or use and other unlawful tampering.
Service Provider Relationship
To the extent California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq (“CCPA”) applies, the parties acknowledge and agree that Provider is a service provider and is receiving Personal Data from Customer to provide the Service as agreed in the Agreement and detailed below (see Nature and Purpose of Processing), which constitutes a limited and specified business purpose. Provider will not sell or share any Personal Data provided by Customer under the Agreement. In addition, Provider will not retain, use, or disclose any Personal Data provided by Customer under the Agreement except as necessary for providing the Service for Customer, as stated in the Agreement, or as permitted by Applicable Data Protection Laws. Provider certifies that it understands the restrictions of this paragraph and will comply with all Applicable Data Protection Laws. Provider will notify Customer if it can no longer meet its obligations under the CCPA.
Changes to the Agreement
Governing Law and Chosen Courts
Notwithstanding the governing law or similar clauses of the Agreement, all interpretations and disputes about this DPA will be governed by the laws of the Governing State without regard to its conflict of laws provisions. In addition, and notwithstanding the forum selection, jurisdiction, or similar clauses of the Agreement, the parties agree to bring any legal suit, action, or proceeding about this DPA in, and each party irrevocably submits to the exclusive jurisdiction of, the courts of the Governing State. Governing State means: California, United States.
Restricted Transfers
Not applicable. This DPA does not currently cover Restricted Transfers from the EEA or the United Kingdom. See Annex I(C) below.
Annex I(A) — List of Parties
Data Exporter
Name: The entity that accepts the Agreement (the “Customer”), as identified in the applicable Order Form or in the account registration information provided to Camino. Address: As provided to Camino during account registration or in the applicable Order Form. Contact Person: Name and contact details as provided to Camino during account registration or in the applicable Order Form. Customer may update its contact information at any time by emailing privacy@joincamino.com. Activities relevant to transfer: See Annex I(B). Role: Controller.
Data Importer
Name: Camino Solutions, Inc. Address: 521 E Blithedale Ave, Mill Valley, CA 94941. Contact Person: Kevin Berry, Chief Executive Officer. Email: privacy@joincamino.com. Activities relevant to transfer: See Annex I(B). Role: Processor.
Annex I(B) — Description of Transfer and Processing Activities
Service
Camino — employee onboarding platform automating new hire workflows, manager accountability, and People team coordination.
Categories of Data Subjects
Customer’s employees, contractors, and job applicants whose information Customer provides to or processes through the Service; Customer’s administrators and authorized users of the Service.
Categories of Personal Data
Name; contact information such as email, phone number, or address; employment information such as employee ID, job title, department, manager, start date, and onboarding milestones; professional or biographic information such as resume or CV; user activity and analysis such as device information or IP address; and communication content and metadata generated through use of the Service, including Slack messages, email content, task assignments, and meeting metadata.
Special Category Data
Is special category data Processed? No.
Frequency of Transfer
Continuous.
Nature and Purpose of Processing
Provider will Process Customer Personal Data as instructed in Section 3.2 of the DPA Standard Terms. The nature of processing includes: receiving data (collection, access, retrieval, recording, data entry); holding data (storage, organization, structuring); using data (analysis, consultation, automated processing to deliver the Service); updating data (correction, adaptation, alteration, alignment, combination); protecting data (restriction, encryption, security testing); sharing data (disclosure, dissemination, allowing access, or otherwise making available to Subprocessors and integrations); returning data to the data exporter or data subject; and erasing data (destruction and deletion).
Duration of Processing
Provider will process Customer Personal Data as long as required (i) to conduct the Processing activities instructed in Section 2.2(a)-(d) of the Standard Terms; or (ii) by Applicable Laws.
Annex I(C) — Competent Supervisory Authority
Not applicable. This DPA does not currently cover Restricted Transfers from the EEA or the United Kingdom. If the parties wish to engage in such Restricted Transfers, Camino will update this DPA to select the applicable Governing Member State and incorporate the EEA SCCs and/or UK Addendum as required by Section 6 of the DPA Standard Terms.
Annex II — Technical and Organizational Security Measures
As defined in the Security Policy.
This DPA, together with the DPA Standard Terms, constitutes the complete data processing agreement between Provider and Customer. By accepting the Agreement, Customer accepts and is bound by this DPA without the need for separate signature.
Common Paper Data Processing Agreement (Version 1.1) free to use under CC BY 4.0.