How do I sign this DPA?

Contact privacy@smartasspdf.com with the subject 'DPA SIGNATURE'. We will provide a countersigned copy or an e-signature link.

Can you provide your list of Sub-Processors?

Yes. Email privacy@smartasspdf.com with the subject 'SUB-PROCESSORS' to receive the current list and any material updates.

Can I request earlier deletion of my files?

For browser-only tools, files remain on your device. Where server-side processing is used, contact support for early deletion and we’ll help wherever technically feasible.

Data Processing Addendum (DPA)

1. Scope & Roles

This DPA applies where SmartAssPDF processes Personal Data on behalf of the Controller. The Controller determines the purposes and means of processing; the Processor processes Personal Data solely to provide the services.

2. Nature, Purpose & Duration of Processing

Subject Matter: Files and associated metadata uploaded to use SmartAssPDF tools.
Nature of Processing: Operations necessary to perform the selected tool (e.g., convert, compress, merge, split, protect, unlock, etc.).
Purpose: To deliver the services as instructed by the Controller.
Duration: For the term of the underlying agreement and, for files, typically only for the brief period necessary to complete the task.

3. Types of Personal Data & Data Subjects

Data: Content within uploaded documents (may include personal data), filenames, file type/size, technical telemetry for reliability/security.
Data Subjects: Individuals whose information may appear in Controller-provided content.

4. Controller Instructions

Processor will process Personal Data only on documented instructions from Controller, including with respect to transfers, unless required by law. Controller is responsible for ensuring its instructions comply with applicable law.

5. Confidentiality

Processor ensures persons authorized to process Personal Data are bound by confidentiality obligations and receive appropriate privacy/security training.

6. Security Measures

HTTPS/TLS for data in transit.
Access controls and least-privilege principles.
Short-lived file handling with automatic deletion post-processing.
Monitoring, logging, and periodic reviews of controls.
Where feasible, client-side processing in the browser to minimize transfers.

7. Sub-Processors

Processor may engage Sub-Processors for hosting, storage, delivery, or auxiliary functions, subject to data protection obligations no less protective than those in this DPA. Controller authorizes the use of such Sub-Processors. Upon request, Processor will provide an updated list of Sub-Processors.

Category	Purpose	Examples
Hosting/CDN	Serve the app; transient storage	Cloud hosting providers / CDN
Analytics	Basic product analytics	Aggregate usage metrics
Email	Support communications	Transactional email service

8. International Data Transfers

Where processing involves a transfer of Personal Data to a third country, Processor will ensure appropriate safeguards are in place (e.g., EU Standard Contractual Clauses or other valid transfer mechanisms).

9. Assistance to Controller

Processor will assist Controller in responding to data subject requests where feasible and legally permitted.
Processor will assist with security, breach notifications, DPIAs, and prior consultations, taking into account the nature of processing and information available to Processor.

10. Deletion & Return

Upon termination of services or upon Controller request, Processor will delete or return Personal Data (unless retention is required by law). Uploaded files are generally removed automatically shortly after processing completes.

11. Breach Notification

Processor will notify Controller without undue delay after becoming aware of a Personal Data Breach affecting Controller data and provide information reasonably required for Controller to meet its obligations.

12. Audits

Upon reasonable written request, Processor will make available information necessary to demonstrate compliance with this DPA and, where required, allow for audits conducted by Controller or an independent auditor (subject to confidentiality, scheduling, and scope limitations).

13. Liability

The parties’ liability under this DPA is subject to the limitations and exclusions set out in the underlying agreement, except to the extent prohibited by applicable law.

14. Order of Precedence

In case of conflict between this DPA and the underlying agreement, this DPA controls with respect to data protection obligations.

15. Contact

Contact SmartAssPDF Team : support@smartasspdf.com

Data Type	Typical Retention	Deletion Method
Uploaded Files	Up to ~1 hour post-processing	Automated secure deletion
Temporary Browser Data	Session-scoped	Local/session clear
Operational Metadata	Up to 30 days	Scheduled purge