Data Processing Addendum
If you're a business in the EU, EEA, UK, or California processing personal data through Hustl.it, this addendum forms part of our agreement.
§1 · Parties and roles
For the purposes of GDPR, you are the Data Controller of personal data you upload to Hustl.it (including your client records). Hustl.it is the Data Processor, acting on your instructions.
§2 · Scope of processing
- Subject matter: Provision of the Hustl.it Service.
- Duration: The term of your subscription plus the retention windows in the Privacy Policy.
- Nature of processing: Storage, retrieval, transmission, and automated processing as required to operate the Service.
- Categories of data: Contact info, appointment history, billing info, communication records.
- Data subjects: Your clients, your staff.
§3 · Sub-processors
A current list of sub-processors is published at hustl.it/sub-processors. We give 30 days' notice of any additions via email. You may object on reasonable grounds; if we can't find a resolution, you may terminate the affected portion of the Service.
§4 · Security measures
Full technical and organizational measures are detailed in the Trust & Security Policy, including encryption in transit (TLS 1.3) and at rest (AES-256), SOC 2 Type II controls, and incident response.
§5 · International transfers
Where personal data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses (2021 EU Commission version), which are incorporated into this DPA by reference.
§6 · Breach notification
We notify you without undue delay — and in any case within 72 hours — of any confirmed personal-data breach affecting your data, with the information required under GDPR Art. 33.