Data Processing Addendum

This Data Processing Addendum (DPA) forms part of the Worksnip Terms of Service and applies when Worksnip processes Personal Data on your behalf within the meaning of the GDPR, the UK GDPR, and equivalent data-protection laws. By using a paid plan you accept this DPA. Customers needing a countersigned copy can request one from security@worksnip.com.

You (the Customer) act as the Data Controller; Worksnip acts as the Data Processor. We process Personal Data only on your documented instructions, ensure the persons authorised to process Personal Data are bound by confidentiality, implement appropriate technical and organisational measures (encryption in transit and at rest, role-based access, audit logs, two-layer PII redaction on captures), and assist you in meeting your obligations under Articles 32–36 GDPR.

We engage sub-processors listed in our Sub-Processor List (available on request, public version forthcoming). We notify you of any addition or replacement of sub-processors with at least 30 days' notice, giving you the right to object on reasonable grounds. International transfers rely on the EU Standard Contractual Clauses (and the UK IDTA / UK Addendum where applicable). We delete or return all Personal Data after termination on your written instruction.

For a signed DPA, sub-processor list, security review pack, or any clarification of the above, email security@worksnip.com.