Skip to content
Chip AI v2 is live — it now reads your whole workspace. See what's new →
HomeLegalData Processing Agreement
Legal

Data Processing Agreement

Last updated 30 June 2026

In plain English
We collect only what we need to run startbuddi. We never sell your data, and we never use your private workspace content to train public AI models. You can export or delete your data anytime.

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between startbuddi (“Processor”) and the customer (“Controller”) and applies where startbuddi processes personal data on the Controller’s behalf in providing the Service.

Roles

For workspace content, the Controller determines the purposes and means of processing and startbuddi acts as Processor. Each party will comply with the data-protection laws that apply to it.

Scope of processing

  • Subject matter — provision of the startbuddi Service.
  • Duration — for as long as the Controller uses the Service.
  • Nature and purpose — hosting, processing and securing workspace data to deliver the Service.
  • Data subjects — the Controller’s contacts, clients, leads and team members.
  • Data types — contact details, communications, projects, financial records and other content the Controller chooses to store.

Our obligations

  • Process personal data only on the Controller’s documented instructions.
  • Ensure people authorised to process data are bound by confidentiality.
  • Apply appropriate technical and organisational security measures.
  • Assist the Controller with data-subject requests and security obligations.
  • Delete or return personal data at the end of the agreement, subject to legal retention.

Sub-processors

The Controller authorises startbuddi to engage sub-processors (such as hosting, payment, messaging and AI providers) under written terms that impose protections consistent with this DPA. We will inform the Controller of material changes to our sub-processors and remain responsible for their performance.

International transfers

Where personal data is transferred across borders, we apply appropriate safeguards consistent with applicable law.

Security and breach notification

We maintain encryption, access controls and monitoring, and will notify the Controller without undue delay after becoming aware of a personal-data breach affecting their data.

Audit

On reasonable request, we will make available the information needed to demonstrate compliance with this DPA.

Contact

To raise a data-processing matter, email privacy@startbuddi.com.

Questions about this document? Email privacy@startbuddi.com.