Legal

Data Processing Agreement

Slotly acts as Processor for customer data; customer is Controller. This DPA supplements our Terms of Service.

Scope

This DPA applies whenever your use of Slotly involves Personal Data (as defined by GDPR Art. 4) of EU, UK, or Swiss residents. It's incorporated by reference into our Terms of Service.

Roles

  • Controller: you, the Slotly customer.
  • Processor: Slotly Inc.
  • Sub-processors: Supabase, Vercel — see Privacy Policy.

Security commitments

Slotly maintains TLS in transit, at-rest encryption (AES-256 via Supabase managed Postgres), least-privilege access, audit logging, and a documented incident response process. See /security for details.

Data location

All customer data is currently stored in the United States (us-east-1, Northern Virginia). Standard Contractual Clauses apply for transfers from the EEA/UK.

How to execute

For customers on Standard, Team, or Enterprise plans: request a counter-signed DPA by emailing hello@getslotly.io. We use a standard form mirroring the EU SCCs (Module Two) — usually turned around in 2 business days.

Need a signed DPA?

Free plans use this online version by default. Standard, Team, and Enterprise customers can request a counter-signed PDF.

Request a signed copy