Legal

Data Processing Addendum

Last updated: 26 May 2026

This Data Processing Addendum ("DPA") applies where Formend processes personal data on behalf of a business customer.

1. Roles

The customer is the Data Controller. Formend is the Data Processor.

2. Subject Matter

Formend processes customer support conversations, chat logs, support tickets, QA scores, AI audit logs, and related metadata to provide QA monitoring and support quality analysis.

3. Duration

Processing continues for the duration of the customer's subscription or until the data is deleted according to the agreed retention period.

4. Categories of Data

Data may include:

  • customer names
  • email addresses
  • chat messages
  • ticket content
  • agent names or identifiers
  • QA scores
  • AI-generated audit summaries
  • timestamps
  • technical logs

5. Categories of Data Subjects

Data subjects may include:

  • customers/end users
  • customer service agents
  • supervisors
  • BPO staff
  • account users

6. Processor Obligations

Formend will:

  • process data only to provide the service
  • use reasonable security measures
  • restrict access to authorised personnel
  • use subprocessors where necessary to operate the service
  • assist with data subject requests where reasonably possible
  • notify the customer of relevant security incidents where legally required

7. Subprocessors

Formend may use subprocessors including hosting, payment, AI, database, and infrastructure providers. Current or expected subprocessors include:

  • Railway
  • Netlify
  • Stripe
  • Anthropic Claude
  • database/storage providers

8. Customer Obligations

The customer must ensure:

  • it has a lawful basis to process and submit data to Formend
  • staff and customers are notified where required
  • Formend is not used for unlawful surveillance
  • unnecessary sensitive data is not uploaded
  • access is limited to authorised users

9. International Transfers

Where data is transferred internationally, Formend will rely on appropriate safeguards where required.

10. Deletion and Return

At the end of service, Formend will delete or return customer data where technically and legally possible, unless retention is required for legal, billing, security, or dispute reasons.

11. Contact

Email: privacy@formend.tech