Data Processing Agreement (DPA)
This Data Processing Agreement ("Agreement") forms part of the Terms of Service between the Customer ("Controller") and SOPilot ("Processor").
1. Subject Matter
This Agreement governs the processing of personal data by SOPilot on behalf of the Controller in connection with the provision of services under the Terms of Service.
2. Duration
This Agreement remains in effect for as long as SOPilot processes personal data on behalf of the Controller.
3. Nature and Purpose of Processing
SOPilot processes personal data solely for the purpose of providing its SOP management services, including but not limited to: document upload, parsing, role-based access, and search functionality.
4. Categories of Data Subjects
- Controller’s employees
- Contractors
- Other authorized users
5. Categories of Personal Data
- Names
- Email addresses
- Team identifiers
- SOP-related annotations or actions
6. Obligations of the Processor
- Process personal data only on documented instructions from the Controller
- Implement appropriate technical and organizational measures to protect data
- Ensure confidentiality and training of personnel
- Assist the Controller with data subject rights requests
- Provide access to necessary information to demonstrate compliance
- Notify the Controller of any data breaches without undue delay
7. Sub-processors
SOPilot may engage third-party sub-processors for cloud hosting, analytics, or support services. A list of current sub-processors is available upon request. SOPilot will ensure all sub-processors meet equivalent data protection obligations.
8. International Transfers
If personal data is transferred outside the EEA, SOPilot shall ensure such transfers comply with GDPR, including use of Standard Contractual Clauses or adequacy decisions.
9. Audit and Inspection
Upon reasonable notice, the Controller may audit SOPilot's compliance with this Agreement. SOPilot agrees to cooperate and provide relevant information.
10. Return or Deletion of Data
Upon termination of the service, SOPilot will delete or return all personal data to the Controller, unless otherwise required by law.
11. Liability
Each party shall be liable for its own violations of applicable data protection laws.
This DPA is effective as of August 1, 2025. For GDPR-related inquiries, contact us at privacy@sopilot.app.