United States
1-888-559-5336 Support
← Back

Data Processing Addendum (DPA)

This Data Processing Addendum ("DPA") forms part of the agreement between Skyello, Inc. ("Skyello") and the customer entity ("Customer") governing Customer's use of Skyello's services (the "Agreement").

This DPA applies to the extent Skyello processes Personal Data on behalf of Customer in connection with the Services.

1. Definitions

  • "Applicable Data Protection Laws" means all laws and regulations applicable to the processing of Personal Data under the Agreement, including where applicable the GDPR, UK GDPR, and applicable U.S. privacy laws.
  • "Personal Data" means any information relating to an identified or identifiable natural person processed by Skyello on behalf of Customer.
  • "Processing" has the meaning set forth in Applicable Data Protection Laws.
  • "Services" means Skyello's enforcement, compliance coordination, validation, and documentation services as described in the Agreement.

2. Roles of the Parties

  • Customer is the Data Controller (or Business) with respect to Personal Data.
  • Skyello acts as a Data Processor (or Service Provider) processing Personal Data solely on Customer's documented instructions.

Skyello does not act as an independent controller with respect to Customer Personal Data.

3. Scope and Purpose of Processing

Skyello processes Personal Data only as necessary to:

  • Coordinate compliance and inspection execution
  • Validate that regulatory obligations are fulfilled
  • Generate audit-ready documentation and records
  • Provide system access, support, and security monitoring

Skyello does not process Personal Data for advertising, profiling, resale, or unrelated analytics purposes.

4. Categories of Data and Data Subjects

Data Subjects may include:

  • Customer employees
  • Contractors and inspectors
  • Authorized facility personnel

Personal Data may include:

  • Names, job titles, and professional contact information
  • User account credentials and access logs
  • Inspection records linked to personnel
  • Work activity metadata (timestamps, approvals, task assignments)

Skyello does not require or intentionally collect:

  • Sensitive personal data unrelated to compliance execution
  • Consumer data
  • Biometric identifiers (unless explicitly agreed in writing)

5. Customer Instructions

Skyello shall process Personal Data only:

  • In accordance with this DPA and the Agreement
  • On documented instructions from Customer
  • As required to comply with applicable law

If Skyello believes an instruction violates Applicable Data Protection Laws, Skyello will inform Customer promptly.

6. Confidentiality

Skyello ensures that:

  • Personnel authorized to process Personal Data are bound by confidentiality obligations
  • Access to Personal Data is limited to those with a legitimate operational need

7. Security Measures

Skyello implements administrative, technical, and physical safeguards designed to protect Personal Data against unauthorized access, loss, or disclosure, including:

  • Role-based access controls
  • Audit logging and monitoring
  • Logical data isolation by customer
  • Encryption in transit and at rest
  • Incident detection and response procedures

Security practices are reviewed and updated on an ongoing basis.

8. Subprocessors

Customer authorizes Skyello to engage subprocessors as necessary to provide the Services (e.g., cloud infrastructure providers).

Skyello shall:

  • Maintain contractual protections with subprocessors consistent with this DPA
  • Remain responsible for subprocessors' compliance
  • Provide information about subprocessors upon request

A list of current subprocessors is available at /subprocessors.

9. Data Subject Rights

Skyello shall, to the extent legally permitted and technically feasible:

  • Assist Customer in responding to data subject requests
  • Not respond directly to such requests unless legally required

10. Incident Response

In the event of a confirmed Personal Data breach affecting Customer data, Skyello shall:

  • Notify Customer without undue delay
  • Provide reasonable information regarding the nature and scope of the incident
  • Cooperate with Customer's investigation and remediation efforts

Skyello does not publicly disclose incidents without Customer authorization unless legally required.

11. Data Retention and Deletion

Skyello retains Personal Data only:

  • For the duration of the Agreement, or
  • As required for regulatory, audit, or legal obligations

Upon termination of the Agreement, Skyello shall:

  • Delete or return Personal Data in accordance with the Agreement
  • Retain limited records where legally required

12. Cross-Border Transfers

Where applicable, Skyello ensures that cross-border transfers of Personal Data are conducted in compliance with Applicable Data Protection Laws using appropriate safeguards.

13. Audits

Upon reasonable written request, Skyello shall:

  • Provide information necessary to demonstrate compliance with this DPA
  • Cooperate with reasonable audits, subject to confidentiality and security requirements

14. Limitation of Liability

Liability under this DPA is subject to the limitations set forth in the Agreement.

15. Precedence

In the event of conflict, this DPA governs with respect to Personal Data processing obligations.

16. Governing Law

This DPA is governed by the governing law specified in the Agreement.

Contact

For data protection inquiries: privacy@skyello.com

Last updated: January 2026