Legal
Data Processing Agreement
Slotly acts as Processor for customer data; customer is Controller. This DPA supplements our Terms of Service.
Scope
This DPA applies whenever your use of Slotly involves Personal Data (as defined by GDPR Art. 4) of EU, UK, or Swiss residents. It's incorporated by reference into our Terms of Service.
Roles
- Controller: you, the Slotly customer.
- Processor: Slotly Inc.
- Sub-processors: Supabase, Vercel — see Privacy Policy.
Security commitments
Slotly maintains TLS in transit, at-rest encryption (AES-256 via Supabase managed Postgres), least-privilege access, audit logging, and a documented incident response process. See /security for details.
Data location
All customer data is currently stored in the United States (us-east-1, Northern Virginia). Standard Contractual Clauses apply for transfers from the EEA/UK.
How to execute
For customers on Standard, Team, or Enterprise plans: request a counter-signed DPA by emailing hello@getslotly.io. We use a standard form mirroring the EU SCCs (Module Two) — usually turned around in 2 business days.
Need a signed DPA?
Free plans use this online version by default. Standard, Team, and Enterprise customers can request a counter-signed PDF.
Request a signed copy