Data Processing Addendum

Data Processing Addendum

This is the v1 placeholder Data Processing Addendum shipped with the SaaS Template boilerplate. Deployments replace this file with their own legal-reviewed text before going to production.

Roles

The customer is the data controller; the platform is the data processor. The platform processes personal data only on the customer's documented instructions.

Subprocessors

The current list of subprocessors is published at /subprocessors. The customer is notified of material changes (additions in particular) before the new subprocessor begins processing customer data.

Security

The platform implements the technical and organisational measures documented in the order form's Security Schedule.

Cross-border transfers

Cross-border transfers comply with the regimes named in the order form (Standard Contractual Clauses, Data Privacy Framework, as applicable).

Audit rights

The customer may audit the platform's compliance under the conditions documented in the order form.

Term

This DPA is in effect as long as the platform processes customer personal data under the agreement.