Data Processing Addendum
Last revised · May 2026
This Addendum applies when Heard & Noted processes personal data on your behalf as a "processor" under the GDPR, UK GDPR, or comparable laws.
Roles
You are the Controller of form responses you collect. We are the Processor, acting only on your documented instructions, which include the configuration choices you make in the product.
Sub-processors
We engage vetted sub-processors for hosting, storage, email delivery, and AI transcription. We remain responsible for their performance under this Addendum.
Security
We implement appropriate technical and organizational measures, including encryption in transit, encryption at rest, access controls, and audit logging.
International transfers
Where personal data leaves the EEA or UK, we rely on Standard Contractual Clauses or other approved transfer mechanisms.
Breach notification
We will notify you without undue delay after becoming aware of a personal data breach affecting your data.
Deletion
Upon termination, we will delete or return personal data we process for you within a reasonable period, except where retention is required by law.
For a countersigned copy of this Addendum, email legal@heardandnoted.app.