
Data Processing Addendum (DPA)
Last updated: June 23, 2026
This Data Processing Addendum ("DPA") forms part of the Terms of Service (the "Agreement") between Silaar LLC ("Silaar," "Processor," or "us") and the customer entity that uses the Service ("Customer," "Controller," or "you"), and is incorporated by reference into the Agreement. This DPA reflects the parties' agreement with respect to the terms governing the processing of Personal Data under the GDPR, UK GDPR, CCPA/CPRA, and other applicable data protection laws ("Data Protection Laws").
This DPA is offered as a self-service addendum. For most customers, the version posted here is sufficient. If your procurement process requires a signed DPA, contact legal@silaar.com.
1. Definitions
- "Personal Data" means any information relating to an identified or identifiable natural person that is processed by Silaar on behalf of Customer in connection with the Service.
- "Controller" means the entity that determines the purposes and means of processing Personal Data (Customer).
- "Processor" means the entity that processes Personal Data on behalf of the Controller (Silaar).
- "Sub-processor" means a third party engaged by Silaar to assist in providing the Service.
- "Standard Contractual Clauses" or "SCCs" means the standard data protection clauses adopted by the European Commission for transfers of Personal Data to third countries.
2. Roles & Scope of Processing
Customer acts as the Controller (or, where applicable, Processor on behalf of its own controller), and Silaar acts as Processor. Silaar will process Personal Data only on Customer's documented instructions, including as necessary to provide the Service and comply with the Agreement. The scope, nature, and purpose of processing, the types of Personal Data, and the categories of data subjects are described in our Privacy Policy and the Customer's account configuration.
3. Silaar's Obligations (GDPR Article 28(3))
Silaar agrees to:
- Process Personal Data only on Customer's instructions, including with regard to transfers, unless required by law;
- Ensure that personnel authorized to process Personal Data are bound by confidentiality;
- Implement appropriate technical and organizational security measures (see Section 5);
- Assist Customer, where possible, in fulfilling its obligations to respond to data-subject requests;
- Assist Customer in meeting its obligations regarding security of processing, breach notification, and data protection impact assessments;
- Delete or return all Personal Data after the end of the services, unless retention is required by law; and
- Make available information necessary to demonstrate compliance with this DPA and allow for and contribute to audits.
4. Sub-processors
Customer provides general written authorization for Silaar to engage sub-processors to provide parts of the Service. Current sub-processor categories include: payment processing (Stripe), cloud hosting, and email delivery. Silaar remains liable for the performance of its sub-processors to the same extent it would be liable if performing the services directly. Silaar will provide notice of intended changes regarding sub-processors, giving Customer a reasonable opportunity to object.
5. Security Measures
Silaar maintains reasonable and appropriate technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include:
- Encryption of data in transit (TLS) and at rest where applicable;
- Hashed passwords and secure authentication (JWT);
- Role-based access controls and least-privilege principles;
- Rate limiting, logging, and abuse monitoring;
- Payment data handled exclusively by Stripe (PCI-DSS Level 1).
Further details are available on our Security page.
6. Personal Data Breach
Silaar will notify Customer without undue delay (and in any case within 72 hours) after becoming aware of a Personal Data breach affecting Customer's data. Notification will include the nature of the breach, the likely consequences, the measures taken or proposed, and Silaar's contact point. Silaar will take reasonable steps to mitigate and remediate the breach.
7. International Data Transfers
To the extent Personal Data is transferred outside the EEA, UK, or Switzerland, the parties agree to comply with applicable transfer mechanisms, including the Standard Contractual Clauses, which are incorporated by reference. A copy of the current SCCs can be obtained from privacy@silaar.com.
8. Data Subject Requests & Cooperation
If Silaar receives a request from a data subject to exercise rights under Data Protection Laws with respect to Personal Data processed on behalf of Customer, Silaar will redirect the data subject to Customer and, where reasonably possible, assist Customer in fulfilling the request.
9. Deletion & Return of Data
Upon termination of the Service and at Customer's choice, Silaar will, subject to applicable law, delete or return Customer's Personal Data and delete existing copies, unless retention is required by law.
10. Audit Rights
Customer may audit Silaar's compliance with this DPA, subject to reasonable notice and confidentiality obligations. Where audits cannot reasonably be performed by Customer, Silaar will make available third-party audit reports or certifications (such as SOC 2) upon reasonable request.
11. CCPA Service Provider Terms
To the extent the CCPA applies, Silaar acts as a "service provider" to Customer. Silaar will not sell or share Personal Data, will use it only for the limited purposes specified in the Agreement, will certify compliance, and will notify Customer if Silaar determines it can no longer meet its obligations.
12. Term & Termination
This DPA remains in effect for as long as Silaar processes Personal Data on behalf of Customer. Upon termination, the deletion and survival provisions of the Agreement and this DPA apply.
13. Contact
For DPA-related questions, signed copies, or audit requests:
Silaar LLC — Data Protection
30 N Gould St, Ste R, Sheridan, Wyoming 82801, United States
Privacy/DPO: privacy@silaar.com
Legal: legal@silaar.com