This DPA forms part of the SignalHVAC Terms of Service when a customer ("Controller") uses SignalHVAC ("Processor") to process personal data on the Controller's behalf.
SignalHVAC processes the personal data the Controller submits to its workspace strictly to deliver the SignalHVAC service: indexing documents, answering questions, providing the embeddable widget, and related operational tasks.
We use a short, audited list of sub-processors (cloud hosting, email delivery, error tracking, model inference). The current list is available on request and we will give the Controller at least 30 days' notice before adding a new one.
Where personal data is transferred outside the EEA/UK, transfers are protected by the EU Standard Contractual Clauses (and the UK International Data Transfer Addendum, where applicable).
SignalHVAC maintains the technical and organizational measures described on the Security page. We will notify the Controller without undue delay (and no later than 72 hours after becoming aware) of any personal data breach.
A counter-signed DPA is included by default for Pro and Enterprise customers. To request a copy email legal@signalhvac.io.