Honest Growth

Data Processing Agreement

The Data Processing Agreement.

A Data Processing Agreement (DPA) is the contract that sets out how Honest Growth handles personal data on your behalf. If your company's procurement or legal review needs one, this page explains what it covers and how to get a signed copy.

What the DPA covers.

  1. 01

    Roles — processor and controller

    You are the data controller: it's your decision what data goes into Honest Growth and why. Honest Growth is the data processor: we process that data only on your instructions and only to deliver the audit service you signed up for.

  2. 02

    Sub-processor list

    The DPA incorporates our list of sub-processors — the third-party vendors that process data on our behalf — and our commitment to notify you before that list changes.

  3. 03

    Security measures

    It documents the technical and organizational measures we take to protect your data: encryption in transit and at rest, encrypted token fields, access controls, and our incident-response process.

  4. 04

    Data-subject rights

    It sets out how we help you respond to data-subject requests — access, correction, export, and deletion — for the individuals whose data you process through the service.

  5. 05

    Breach notification

    It binds us to notify you of a personal-data breach affecting your data within 72 hours of confirming it, with enough detail for you to meet your own regulatory obligations.

  6. 06

    Term and deletion

    It covers what happens at the end of the agreement: your right to export your data and our commitment to delete it within 30 days of account closure.

Request the DPA.

This page is a plain-English summary, not the agreement itself. A countersigned PDF of the full DPA is available on request — email us and we'll send the document and sign your copy.

We'll respond with the document directly. Nothing on this page is itself a binding contract.