Legal · DPA · Effective 2026-05-14
Data processing addendum
Scope
This Data Processing Addendum (“DPA”) supplements the StandPoint Terms of Service where Member data includes personal data of natural persons in the European Economic Area, the United Kingdom, or Switzerland, and where StandPoint acts as a (or sub-processor) of such personal data on behalf of the Member.
For most retail members, StandPoint acts as a of personal data rather than a processor. This DPA is provided for the limited cases (typically institutional or family-office members) where a controller-to-processor relationship applies; for all other relationships the privacy policy governs.
Sub-processors
We engage the following sub-processors. Notice of changes is provided by email at least 14 days in advance.
- Vercel Inc. — hosting and edge runtime (US).
- Neon Inc. — managed Postgres (EU region available).
- Cloudflare Inc. — object storage and CDN (global).
- Stripe Payments Europe Ltd. — payment processing (EU).
- Resend Inc. — transactional email (US).
- WhatsApp Ireland Ltd. — direct member messaging (EU).
International transfers
Where personal data is transferred outside the EEA, UK, or Switzerland, we rely on the European Commission’s and the UK International Data Transfer Addendum where applicable, supplemented by appropriate technical measures (encryption in transit and at rest).
Member rights
Members may exercise their rights under the GDPR — access, rectification, erasure, restriction, portability, and objection — by emailing dpo@standpointhq.com. We respond within one month, extendable by two further months for complex requests.
Breach notification
We notify members without undue delay (and in any event within 72 hours of becoming aware) of a personal-data breach affecting their information.
Impressum
[Operator details — counsel to populate prior to DACH marketing launch: legal entity name, registered address, registration number, VAT ID, responsible person under §§ 5 TMG / 55 RStV.]
Contact
Data protection: dpa@standpointhq.com.