Porlogie Logo Porlogie
Go to Homepage
← Back to Home

Data Processing Agreement (DPA)

Last updated: June 26, 2026

This Data Processing Agreement ("DPA") forms part of the agreement between Porlogie ("Processor," "we") and the Client ("Controller," "you") governing the processing of personal data through the Service.

1. Roles

The Client is the Data Controller for any personal data processed via automations they configure (e.g., their customers', patients', or employees' data). Porlogie is the Data Processor, processing that data solely on the Client's documented instructions, as configured through the platform.

2. Scope of Processing

Subject matter: processing of data connected via third-party apps to run client-configured automations. Duration: for the term of the Client's active subscription, plus the data retention period thereafter. Nature of processing: collection, storage, organization, structuring, and transfer to generate automated outputs (online sheets, notifications). Categories of data subjects: determined by the Client's use case (e.g., customers, patients, employees, leads). Categories of personal data: determined by the Client's connected apps and automation configuration.

3. Processor Obligations

Porlogie agrees to:

  • Process personal data only on the Client's instructions.
  • Ensure personnel with access to personal data are bound by confidentiality obligations.
  • Implement appropriate technical and organizational security measures.
  • Assist the Client in responding to data subject requests.
  • Notify the Client without undue delay (and in any case within 48 hours of becoming aware) of any personal data breach affecting their data.
  • Delete or return all personal data at the end of the engagement, per the agreed data retention period, unless otherwise required by law.
  • Make available information necessary to demonstrate compliance with this DPA upon reasonable request.

4. Sub-Processors

Porlogie uses sub-processors (cloud hosting, email/SMS delivery, payment processing, spreadsheet services) as listed in our Privacy Policy. We will notify Clients of any new sub-processor and provide an opportunity to object on reasonable grounds before the sub-processor is engaged for that Client's data.

5. International Transfers

Where personal data is transferred outside the Client's region, Porlogie will ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses or equivalent mechanism), as applicable.

6. Client (Controller) Obligations

The Client warrants that: they have a lawful basis for processing any personal data they connect to or configure within Porlogie; where required, they have obtained necessary consents from data subjects; they will not instruct Porlogie to process data in a way that would violate applicable data protection law.

7. Audit Rights

The Client may request reasonable information or documentation to verify Porlogie's compliance with this DPA, subject to reasonable notice and confidentiality protections.

8. Liability

Liability under this DPA is subject to the limitation of liability terms set out in our Terms of Service.

9. Term

This DPA remains in effect for as long as Porlogie processes personal data on the Client's behalf under the main agreement.