Data Processing Agreement
Last updated: March 2026
1. Scope
This Data Processing Agreement ("DPA") forms part of the agreement between Threadsovereign Ltd ("Processor") and the customer ("Controller") for Enterprise plans. It applies when Threadsovereign processes personal data on behalf of the Controller in connection with the Building Safety Act compliance platform.
2. Subject matter and duration
Processing is limited to providing the subscribed services for the term of the agreement and any reasonable wind-down period. Processing includes storage of user accounts, project metadata, resident engagement records, and uploaded compliance documentation.
3. Processor obligations
- Process personal data only on documented Controller instructions
- Ensure personnel with access are bound by confidentiality
- Implement appropriate technical and organisational security measures
- Assist with data subject requests where technically feasible
- Notify the Controller without undue delay of personal data breaches
- Delete or return personal data at end of service, subject to legal retention
4. Sub-processors
The Controller authorises Threadsovereign to engage sub-processors listed in our Sub-Processor List. We will provide notice of material changes and an opportunity to object on reasonable grounds.
5. Executed copy
Enterprise customers receive a countersigned DPA during onboarding. For a copy or bespoke amendments, contact legal@threadsovereign.co.uk.