Placeholder. This document is a scaffold and is not legal advice. Replace with text reviewed by counsel before launch.

Data Processing Addendum

Last updated: 11 June 2026

This Data Processing Addendum ("DPA") forms part of the Terms of Service between ROP Consulting AB, org. no. [●], Sweden ("ROPARC", the "Processor") and the Customer (the "Controller"), and applies to all plans, including the Free tier. It governs the personal data contained in Customer workspace content — requirements, documents, reviews, comments, change history, and workspace member records. Customers on Business and Enterprise plans may additionally request a countersigned copy or negotiated amendments via [email protected].

1. Subject matter and instructions

We process Customer Data solely to provide the Service as described in the Terms, and only on the Customer's documented instructions — which are: the Terms, this DPA, and the Customer's use of the Service's features. We will inform the Customer if, in our opinion, an instruction infringes the GDPR.

2. Nature, purpose, and categories

  • Processing operations: storage, versioning, indexing, display, export, deletion; AI-assisted analysis only when a Customer user invokes an AI feature.
  • Data subjects: the Customer's workspace members and any individuals referenced in workspace content.
  • Data categories: identification and contact data of workspace members (name, email, role), authorship and review records, and any personal data the Customer chooses to include in content. The Service is not intended for special categories of data (Art. 9) and the Customer agrees not to submit them.
  • Duration: the subscription term plus the retrieval and deletion periods in Section 7.

3. Confidentiality and personnel

Persons authorized to process Customer Data are bound by confidentiality and access Customer Data only where necessary for operating, securing, or supporting the Service.

4. Security (Art. 32)

  • Encryption of data in transit; encryption at rest on production storage.
  • Per-organization isolation: each Customer organization is served by its own backend process with its own data directory.
  • Tamper-evident change history: content is stored in Git, whose content-addressed history makes after-the-fact modification detectable.
  • Role-based access control and audit logging of administrative actions.
  • Current measures, known limitations, and the security roadmap are published at /security.

5. Sub-processors

The Customer grants general authorization to engage the sub-processors listed at /legal/subprocessors. We will announce additions or replacements on that page and by email to workspace owners at least 30 days before they take effect; the Customer may object on reasonable data-protection grounds, in which case either party may terminate the affected subscription with a pro-rata refund. We remain liable for our sub-processors' performance.

6. Assistance

Taking into account the nature of the processing, we will assist the Controller with data-subject requests (Arts. 12–23), security, breach notification, and impact assessments (Arts. 32–36). Data-subject requests we receive directly for Customer-controlled data are forwarded to the Customer without undue delay.

7. Deletion, return, and the Git history model

  • Export: the Customer can export all workspace content, including full version history, as standard Git repositories plus structured exports, at any time and for 30 days after termination, free of charge.
  • Deletion on termination: after the retrieval period we delete Customer Data within 30 days, except where law requires retention.
  • In-term deletion of personal data: because change history is stored immutably for regulated-industry traceability — authorship of past changes is part of the audit record the Customer buys the Service for — removing a person's data from historic commits is an exceptional history-rewriting operation. On Controller instruction we will: scrub account records, tombstone the person's authorship for future processing, and, where the Controller instructs and accepts the consequences for baseline integrity, rewrite history to remove the data.

8. Breach notification

We notify the Controller without undue delay, and in any case within 48 hours, after becoming aware of a personal data breach affecting Customer Data, with the information reasonably available to us at the time, supplemented as the investigation proceeds.

9. Audits

We make available the information reasonably necessary to demonstrate compliance with Art. 28 — including the published security documentation and, for Business and Enterprise customers, responses to security questionnaires. On reasonable notice, and not more than once per year unless a breach has occurred, the Controller may audit compliance through an independent third party bound by confidentiality, at the Controller's cost.

10. International transfers

Customer Data is hosted in the EU. Where a sub-processor processes personal data outside the EU/EEA (see the sub-processor list for which, and for what purpose), the transfer relies on an EU adequacy decision or the Standard Contractual Clauses (2021/914), as stated per provider. AI features that involve a non-EU provider are invoked only by explicit user action.

Contact

DPA enquiries and signed copies: [email protected].