Data Processing Agreement
The Data Processing Agreement.
A Data Processing Agreement (DPA) is the contract that sets out how Honest Growth handles personal data on your behalf. If your company's procurement or legal review needs one, this page explains what it covers and how to get a signed copy.
What the DPA covers.
- 01
Roles — processor and controller
You are the data controller: it's your decision what data goes into Honest Growth and why. Honest Growth is the data processor: we process that data only on your instructions and only to deliver the audit service you signed up for.
- 02
Sub-processor list
The DPA incorporates our list of sub-processors — the third-party vendors that process data on our behalf — and our commitment to notify you before that list changes.
- 03
Security measures
It documents the technical and organizational measures we take to protect your data: encryption in transit and at rest, encrypted token fields, access controls, and our incident-response process.
- 04
Data-subject rights
It sets out how we help you respond to data-subject requests — access, correction, export, and deletion — for the individuals whose data you process through the service.
- 05
Breach notification
It binds us to notify you of a personal-data breach affecting your data within 72 hours of confirming it, with enough detail for you to meet your own regulatory obligations.
- 06
Term and deletion
It covers what happens at the end of the agreement: your right to export your data and our commitment to delete it within 30 days of account closure.
Request the DPA.
This page is a plain-English summary, not the agreement itself. A countersigned PDF of the full DPA is available on request — email us and we'll send the document and sign your copy.
We'll respond with the document directly. Nothing on this page is itself a binding contract.