Last updated: May 2026

This Data Processing Addendum ("DPA") forms part of your agreement with Billitron and applies whenever Billitron processes Personal Data on your behalf as a Processor under the GDPR, UK GDPR, or equivalent legislation.

Scope of processing

• Subject matter: provision of the Billitron service.
• Duration: while you have an active subscription, plus retention required by law.
• Nature & purpose: hosting and indexing of customer / job / pay-app data on your instruction; payment processing on your authorization.
• Categories of data subjects: your customers, your subcontractors, your employees.
• Categories of personal data: names, addresses, email, phone, tax IDs, bank account numbers (tokenized), employment information.

Processor obligations

• Process only on documented instructions.
• Ensure personnel are bound by confidentiality.
• Implement appropriate technical and organisational measures (described in the security overview).
• Engage sub-processors only as listed on the trust center, with prior notice of changes.
• Assist with data-subject requests.
• Notify you of personal-data breaches within 72 hours of discovery.
• Return or delete personal data on termination, subject to legal retention requirements.

International transfers

Where personal data is transferred outside the EEA, UK, or Switzerland, the EU Standard Contractual Clauses (EU 2021/914) and UK Addendum apply, with Billitron as data importer.

Sub-processors

Current sub-processors are listed on the trust center. We will notify you at least 30 days in advance of any new sub-processor.

Audits

We make available the SOC 2 Type II report (when issued) under NDA. Customers paying $20,000+ per year may request an annual audit on reasonable notice.

Execution

This DPA is effective without signature. To request a counter-signed copy, email privacy@billitron.com.