Data Processing Addendum

Overview

This Data Processing Addendum describes the baseline terms for processing customer data when the service is used by a business customer.

Roles

For customer workspace content, the customer is generally the controller and the service acts as a processor. For account, billing, security, and product operations data, the service may act as an independent controller where permitted by law.

Processing Instructions

We process customer data to provide, secure, maintain, support, and improve the service, and as otherwise documented in the agreement, privacy policy, or customer instructions.

Security Measures

We use reasonable technical and organizational measures including access controls, encryption in transit, role-based administration, audit trails for sensitive actions, and credential separation.

Subprocessors

We may use subprocessors to provide hosting, storage, payments, email, analytics, AI processing, support, and other operational services. The current subprocessor notice is published on the Subprocessors page.

Data Subject Requests

Customers are responsible for responding to data subject requests for their workspace content. We will provide reasonable assistance where technically possible.

Deletion and Return

Upon valid request or termination, customer data will be deleted or returned according to the product capabilities, legal requirements, and backup retention constraints.