Data Processing Agreement

Last updated: June 2026 · Reference v1

This Data Processing Agreement ("DPA") supplements the Terms of Service between you (the Customer, acting as the data Controller) and [set COMPANY_LEGAL_NAME] (the Processor) when you use FillOnce on behalf of your organization or its end users. It applies whenever we process personal information on your behalf in the course of providing the Service.

This DPA is a public reference document. Customers who require a signed version (e.g. for procurement) may email [set SALES_EMAIL] and we will execute the same terms with mutual signatures.

1. Roles and scope

For personal information you submit to FillOnce on behalf of your organization or end users, you are the data Controller (or, under California law, Business) and we are the Processor (or Service Provider). We process personal information only on your documented instructions, which are: (a) this DPA, (b) the Terms of Service, (c) any written settings you configure in the product, and (d) the lawful instructions you provide in writing during the term.

2. Subject-matter, duration, nature, purpose, and categories

Subject-matter: provision of the FillOnce form-autofill service. Duration: for as long as your subscription is active, plus a short wind-down period for return or deletion of data. Nature and purpose: storing encrypted vault values; parsing uploaded documents to detect form fields; generating filled documents on request. Categories of personal information: identifiers (name, contact), government IDs, financial information, medical information, employment information, family-member information you choose to add. Categories of data subjects: your authorized users and the household or organization members whose information you store.

3. Confidentiality

We ensure that personnel authorized to process personal information are bound by confidentiality. We limit access to personnel who need it to provide or support the Service.

4. Security measures (Article 32)

We implement appropriate technical and organizational measures including: row-level security database isolation per account, end-to-end client-side encryption of stored vault values (AES-256-GCM, browser-derived keys; our database holds only ciphertext + wrapped key material), TLS in transit, at-rest encryption of object storage, append-only audit logging, multi-factor authentication, distributed rate-limiting, signed webhooks, dependency scanning, and secret scanning on every commit. Detailed controls are documented at /security.

5. Sub-processors

You consent to our use of the sub-processors listed at /subprocessors. We require sub-processors to provide a level of protection at least equivalent to this DPA. We will notify you (via that page and, where you have provided an email for this purpose, by email) at least 30 days before we add or replace a sub-processor. You may object to a new sub-processor for legitimate reasons; if we cannot accommodate the objection, you may terminate the Service in accordance with the Terms.

6. International transfers

The Service is operated from Canada and our primary databases and object storage are hosted in Canada (Supabase ca-central-1). For transfers of personal information from the EEA, the UK, or Switzerland to Canada, we rely on the European Commission adequacy decision for Canada for commercial organizations subject to PIPEDA. Where additional safeguards are required by applicable law, the parties agree to enter the EU Standard Contractual Clauses (Module 2 — Controller to Processor) and the UK International Data Transfer Addendum, both of which are incorporated into this DPA by reference and which take precedence over any conflicting term.

7. Data-subject rights

We will assist you, taking into account the nature of the processing, by appropriate technical and organizational measures, in fulfilling your obligation to respond to requests from data subjects exercising their rights. The product provides self-service export and delete actions for end users; for requests we cannot fulfill in-product, contact our Privacy Officer below.

8. Breach notification

We will notify you without undue delay, and in any event within 72 hours of becoming aware, of any confirmed personal-data breach affecting your data, providing the information you reasonably need to meet your own obligations to regulators and data subjects.

9. Data-protection impact assessments

We will provide reasonable assistance with any data-protection impact assessment (DPIA) or prior consultation with supervisory authorities you are required to carry out, taking into account the nature of the processing and the information available to us.

10. Audit

We will make available to you on request the information necessary to demonstrate compliance with this DPA, including current third-party reports (where available) and a written response to a reasonable security questionnaire. You may, at your expense and no more than once per 12-month period, conduct an audit (or commission an independent auditor) provided you give 30 days' written notice, agree to confidentiality, and avoid disruption to the Service or other customers.

11. Return and deletion

Upon termination of the Service, we will, at your choice, return or delete all personal information processed on your behalf within 30 days, unless retention is required by applicable law. Backups containing personal information cycle out within 35 days of deletion.

12. Liability

Each party's liability under this DPA is subject to the limitation-of-liability provisions in the Terms of Service.

13. Governing law

This DPA is governed by the laws of British Columbia, Canada and the federal laws of Canada applicable therein, except that where applicable mandatory law of the data subject's jurisdiction provides for greater protection (e.g. GDPR Article 28, California CCPA, Quebec Law 25), that mandatory law also applies.

14. How to execute

You accept this DPA by clicking "I agree" in any signup or purchase flow that references it, by emailing [set SALES_EMAIL] with the subject line "I accept the FillOnce DPA," or by signing a countersigned copy that we will email back. The version of this DPA in effect when you accept it controls.

Contact

Privacy Officer: [set PRIVACY_OFFICER_NAME], [set COMPANY_LEGAL_NAME]
[set COMPANY_ADDRESS]
[set PRIVACY_EMAIL]