Data Processing Addendum

Scope

This addendum applies where SaferDrop processes personal data on behalf of a customer ("Controller"). Because transfers are end-to-end encrypted and never stored, SaferDrop does not process the contents of transfers and has no access to them.

Nature of processing

• Transfer contents: not processed by us — they travel directly between browsers, encrypted with keys we never hold.
• Account & billing data: processed to provide authentication and subscriptions, via our sub-processors (authentication and payment providers).
• Usage counters: anonymous per-account transfer counts for plan limits.

Sub-processors

We use Cloudflare (hosting, signaling, optional relay), our authentication provider, and our payments provider. A current list is available on request.

Security measures

End-to-end AES-GCM encryption, no content storage, PIN-gated sessions, and a signaling service that only ever sees connection metadata and a salted PIN hash.

International transfers & data subject requests

We assist Controllers with data subject requests relating to the limited account data we hold. Contact dpa@saferdrop.com to execute a signed DPA.

This is a template and must be reviewed by qualified counsel before launch.