Data Processing Addendum (DPA)

1. Scope and Roles

Applies when Priowise processes personal data on behalf of the Customer.

• Customer = Data Controller
• Priowise = Data Processor

2. Nature and Purpose of Processing

Processing includes:

• storing data
• retrieving data
• AI analysis
• generating reports and recommendations

Data is never used for advertising or profiling.

3. Data Categories and Subjects

Possible data categories:

• names
• email addresses
• job titles
• team information
• roadmap or strategy ownership data

Data subjects may include:

• employees
• contractors
• authorized users

4. Subprocessors

Key subprocessors include:

• OpenAI
• Google Gemini
• Airtable
• Supabase
• Make.com
• Vercel
• Clerk

All subprocessors follow equivalent data protection obligations.

5. Data Transfers

International transfers follow:

• EU Standard Contractual Clauses
• UK International Data Transfer Addendum

6. Security Measures

Security includes:

• encryption in transit and at rest
• access control
• role-based permissions
• activity logging
• backup and recovery systems

7. Data Subject Rights Assistance

Priowise assists Customers with requests involving:

• access
• correction
• deletion
• restriction
• portability

8. Data Breach Notification

If a breach occurs, Priowise will notify the Customer without undue delay and provide:

• breach description
• affected data scope
• mitigation actions

9. Termination and Deletion

Upon termination:

• Customer may request data return or deletion.

Anonymized analytics data may be retained.

10. Audit Rights

Customers may request compliance documentation or conduct audits with reasonable notice (maximum once per year unless required by law).

11. Miscellaneous

This Addendum:

• forms part of the Terms of Service
• applies while Priowise processes Customer Data
• prevails over conflicting provisions regarding data protection