Log in Try free
LEGAL

Data Processing Addendum

Last updated 10 June 2026 · Pitchsafe Ltd

This Addendum forms part of the agreement between Pitchsafe Ltd ("Processor") and the customer ("Controller") and applies where Pitchsafe processes personal data on the Controller's behalf. It is subject to, and its liability is capped by, the limitation of liability in our Terms of Service.

1. Roles and scope

For personal data the Controller submits to the Service, the Controller is the controller and Pitchsafe is the processor. Pitchsafe processes such data only on the Controller's documented instructions (including via use of the Service) and as permitted by applicable data-protection law (UK GDPR / EU GDPR as applicable). The subject matter is the provision of the Service; the duration is the term of the agreement; the nature and purpose are regulatory decision support; the data subjects and categories are those the Controller chooses to submit.

2. Processor obligations

  • Process only on documented instructions; notify the Controller if an instruction appears to infringe applicable law (no obligation to provide legal advice).
  • Ensure persons authorised to process are bound by confidentiality.
  • Implement appropriate technical and organisational security measures (see Security).
  • Assist the Controller, taking into account the nature of processing and at the Controller's cost, with data-subject requests and with security, breach, and impact-assessment obligations, so far as reasonably practicable.
  • Delete or return personal data at the end of the agreement, save where retention is required by law.
  • Make available information reasonably necessary to demonstrate compliance.

3. Sub-processors

The Controller provides general authorisation for Pitchsafe to engage sub-processors, including those listed in our Privacy Policy (e.g. Anthropic, Voyage AI, Postmark, Stripe, Sentry, Meilisearch, and hosting providers). Pitchsafe imposes data-protection obligations on sub-processors substantially similar to those in this Addendum and remains responsible for their performance. We will give notice of intended changes to sub-processors and the Controller may object on reasonable data-protection grounds.

4. International transfers

Where personal data is transferred outside the UK/EEA, the parties rely on an adequacy decision or appropriate safeguards such as the UK/EU Standard Contractual Clauses, which are incorporated by reference.

5. Personal data breach

Pitchsafe will notify the Controller without undue delay after becoming aware of a personal data breach affecting the Controller's data, with information reasonably available, to assist the Controller's own obligations. Notification is not an acknowledgement of fault.

6. Liability

Each party's liability under or in connection with this Addendum is subject to, and counts towards, the exclusions and aggregate liability cap in the Terms of Service. Nothing in this Addendum limits liability that cannot be limited by law.

7. General

This Addendum is governed by the laws of England and Wales. In the event of conflict between this Addendum and the Terms regarding the processing of personal data, this Addendum prevails to the extent of the conflict. Questions: hello@pitchsafe.app.