Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Buildflin LLC ("Processor") and you ("Controller"). It governs Buildflin's processing of personal data on your behalf in connection with our services.

"Personal Data" means any information relating to an identified or identifiable natural person. "Processing" means any operation performed on Personal Data. "Data Subject" means the individual to whom Personal Data relates. All terms not defined here carry the meaning given in applicable data protection law, including GDPR where applicable.

Buildflin will process Personal Data only on your documented instructions. You instruct Buildflin to process Personal Data to the extent necessary to provide the services described in our Terms of Service and as further documented in your use of those services.

Buildflin ensures that personnel authorized to process Personal Data are bound by appropriate confidentiality obligations and only process Personal Data as instructed.

Buildflin implements and maintains appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, or disclosure. These include: encryption at rest and in transit, access controls and authentication, regular security assessments, and incident response procedures.

Buildflin uses third-party sub-processors to provide infrastructure and supporting services (e.g., cloud hosting, payment processing). We maintain a list of authorized sub-processors and will notify you of any intended additions or changes. By using our services you authorize use of our current sub-processors.

Buildflin will assist you in fulfilling your obligations to respond to Data Subject requests for access, rectification, erasure, restriction, portability, or objection. Where technically feasible, we will provide tools to assist with such requests. Where that is not possible, we will respond to verified requests forwarded to us within 30 days.

In the event of a confirmed Personal Data breach affecting data we process on your behalf, Buildflin will notify you without undue delay and in any case within 72 hours of becoming aware, to the extent permitted by applicable law.

Buildflin is based in the United States. If you are located in the EEA, UK, or Switzerland, transfers of Personal Data to the US are subject to appropriate safeguards including Standard Contractual Clauses (SCCs) where required under GDPR.

Upon termination of services, Buildflin will, at your election, delete or return all Personal Data processed on your behalf within 30 days, unless retention is required by applicable law.

For DPA inquiries or to request a signed copy:

Buildflin LLC Email: privacy@buildflin.com