Legal · last updated May 1, 2026
Data Processing Addendum
Our standard Data Processing Addendum, compliant with GDPR Article 28 and the UK GDPR.
This Data Processing Addendum ("DPA") forms part of the Master Subscription Agreement between Hootleash, Inc. and the Customer entity identified in the relevant Order Form. It applies whenever Hootleash processes personal data on behalf of Customer in connection with the services.
1. Roles
Customer is the controller; Hootleash is the processor. Both parties agree to comply with their respective obligations under applicable data protection laws.
2. Processing instructions
Hootleash processes personal data only on documented instructions from Customer, including with regard to transfers, except as required by applicable law.
3. Security
Hootleash implements appropriate technical and organisational measures, including those described in our Trust & Security center, to protect personal data.
4. Subprocessors
The current list of subprocessors is available on request. Customers receive notice of new subprocessors with a right to object on reasonable grounds.
5. International transfers
Standard Contractual Clauses (2021/914), UK IDTA, and Swiss FDPIC clauses apply where relevant. Supplementary measures are described in our Transfer Impact Assessment.
6. Audits
Customer may exercise the right to audit through Hootleash's third-party audit reports (SOC 2, ISO 27001) or by an on-site audit subject to reasonable conditions.
7. Contact
dpa@hootleash.com.