1. Scope
This DPA forms part of the Terms of Service between LiftGrid (processor) and the customer (controller) and applies whenever LiftGrid processes personal data on the customer's behalf.
2. Subject matter & duration
Subject matter: providing the LiftGrid platform. Duration: the term of the subscription plus a 30-day return-or-deletion window.
3. Categories of data subjects & data
- Customer's employees, technicians, and authorized users.
- Customer's end-clients (building managers) where applicable.
- Categories: identification, contact, employment, location/telemetry while the mobile app is active, communications.
4. Sub-processors
LiftGrid uses approved sub-processors for hosting, monitoring, email, and payment. The current list is published on the sub-processors page. We provide 30 days' notice of any addition or replacement.
5. Security
Encryption in transit (TLS 1.2+) and at rest (AES-256), least-privilege access controls, audit logging, and an incident-response plan. Detailed technical measures are available on request.
6. International transfers
Where personal data is transferred outside the EEA / UK / Türkiye, we rely on Standard Contractual Clauses or equivalent safeguards as required by applicable law.
7. Customer rights
On termination, LiftGrid will return or delete customer personal data within 30 days, subject to legal retention obligations. Customers may request an export at any time during the subscription.
Countersigning this DPA
To countersign this DPA for your account, contact us with your company name and account email.
See also: Sub-processors · Security overview.