Data Processing Addendum (Short Form)

Roles

You (customer) are the controller; Pro Forma Copy is the processor for personal data you submit.

Subject matter, duration, nature

Processing of customer-provided personal data (e.g., names, emails, content you submit) for the term of your use of the Service to provide the Service.

Types of data and data subjects

Account data (names, emails) and any personal data contained in content you submit. Data subjects are your users or individuals referenced in your content.

Processor obligations

• Process only on your instructions (these terms and your configuration).
• Maintain confidentiality and appropriate security measures.
• Assist with data subject requests where reasonably possible.

Subprocessors

• Supabase (hosting, EU West/Ireland)
• Cloudflare (CDN/security)
• Resend (email)
• Stripe (billing)

We will update this list via policy updates if subprocessors change.

International transfers

Where data leaves the UK/EEA, appropriate safeguards (e.g., SCCs/UK IDTA) are used where required.

Security

We implement appropriate technical and organisational measures proportionate to the risk.

Breach notification

We will notify you without undue delay after becoming aware of a personal data breach affecting your data.

Return or deletion

On account deletion or your request, we delete customer personal data we control, subject to legal retention requirements (e.g., invoices).

Audits

On reasonable written notice, we will provide information necessary to demonstrate compliance; audits are scoped, reasonable, and during business hours.