Data Processing Addendum (DPA)

This Data Processing Addendum forms part of the BiteSlot Terms of Service and clarifies how BiteSlot processes customer personal data on your behalf.

Roles

You are the data controller. BiteSlot is the data processor.

Purpose & duration

Processing is limited to providing the BiteSlot service. Processing continues for the duration of your subscription plus 30 days for export, after which data is deleted unless legally required otherwise.

Categories of data subjects

Your customers, your staff, your vendors and other individuals whose personal data you process through BiteSlot.

Categories of personal data

Names, phone numbers, email addresses, order histories, delivery addresses, payment metadata (not card numbers), staff timesheet data.

Security measures

TLS 1.2+ in transit. AES-256 at rest. Network isolation, principle of least privilege, audit logging, encrypted backups, quarterly penetration tests.

Sub-processors

Full list is maintained at biteslot.com/legal/sub-processors. You may object to new sub-processors with 30 days notice.

Audit rights

We share independent audit reports (SOC2 in 2027) on request. Enterprise customers may conduct an on-site audit annually with reasonable notice.