Data Processing Addendum

This Data Processing Addendum summary describes the baseline commitments Signoff makes when processing personal data on behalf of customers. Enterprise customers may request a signed DPA as part of their contract package.

For workspace content and user data submitted by a customer, the customer is generally the controller or business, and Signoff acts as processor or service provider. Signoff may act as controller for limited account, billing, security, and service administration data.

Signoff processes customer personal data to provide, secure, maintain, support, and improve the service, and as otherwise instructed by the customer through the product, contract, or applicable law.

Signoff uses subprocessors for hosting, database infrastructure, authentication, payments, communications, analytics, and support. We require subprocessors to protect personal data and process it only for authorized service purposes.

Signoff maintains administrative, technical, and organizational measures designed to protect customer personal data, including encrypted transport, access controls, audit logging, and vendor management.

To request a signed DPA or ask data processing questions, contact legal@sign-off.io.