Data Processing Addendum
Effective 2026-04-27. This is a plain-language summary written by the founder; it is not legal advice. For binding interpretation, consult a lawyer in your jurisdiction.
This DPA forms part of the agreement between you ("Customer") and WoS-Bot Pro ("Processor") for processing of personal data under the GDPR, UK GDPR, and Swiss FADP. It is auto-accepted on signup; if your organization needs a counter-signed copy, email legal@wosbotpro.com.
1. Roles
Customer is the Controller. Processor processes personal data only on documented Customer instructions, except where required by EU or member-state law.
2. Categories of data & data subjects
Account email, machine hash, subscription state, per-instance settings, anonymized telemetry, optional activity log uploads. Data subjects are the Customer's authorized end users.
3. Sub-processors
Processor uses the sub-processors listed at /legal/subprocessors and will provide 14 days' notice before adding new ones.
4. Security measures
Row-level security, TLS 1.2+ in transit, encryption at rest, principle of least privilege, mandatory MFA for admin access, audit logging for all admin operations on Customer data.
5. Data subject requests
Processor will assist Customer in fulfilling access, correction, deletion, portability, and objection requests within 30 days of receipt.
6. Breach notification
Processor will notify Customer of a personal data breach without undue delay and within 72 hours of becoming aware, including details sufficient for the Customer to comply with its own notification obligations.
7. International transfers
Where personal data is transferred outside the EEA / UK / Switzerland, the EU Standard Contractual Clauses (Module Two: Controller to Processor) and the UK International Data Transfer Addendum apply and are deemed incorporated by reference.
8. Audit
Processor will respond to written audit questionnaires once per year. On-site audits are available with reasonable notice and at Customer's expense.
9. Return or deletion
On termination, Customer may export data via /account/data. Processor deletes Customer data within 30 days of termination unless retention is required by law (e.g. tax records).