DPA
Updated July 5, 2026
Data Processing Agreement
The baseline data-processing terms that apply when Pricemark processes personal data on behalf of a customer.
Scope
This Data Processing Agreement applies when Pricemark processes personal data on behalf of a customer as a processor or service provider under applicable data protection law. It supplements the Terms of Service or any signed customer agreement.
Roles
The customer is the controller or business for customer personal data. Pricemark is the processor or service provider for that data, except where Pricemark processes data for its own account administration, security, billing, analytics, or legal obligations.
Subject matter and duration
Pricemark processes customer personal data to provide AI quote generation, document handling, account administration, support, security, and related services. Processing continues for the duration of the customer’s use of Pricemark and any retention period required by law, backup, dispute, or agreement needs.
Data subjects and categories
- Customer users, employees, contractors, and administrators.
- Prospects, clients, property owners, suppliers, or project contacts included in customer quote material.
- Names, contact details, company data, role data, project information, quote history, uploaded documents, communications, usage logs, and support records.
- Customers should not upload special category data unless their agreement and use case specifically permit it.
Processing instructions
Pricemark will process customer personal data only on documented customer instructions, including instructions in the product, agreement, support requests, and lawful configuration choices, unless law requires otherwise.
Subprocessors
Pricemark may use subprocessors for hosting, storage, database, AI infrastructure, analytics, email, payments, support, and security. We require subprocessors to protect personal data under written terms appropriate to their role.
The current public subprocessors list is available on the Subprocessors page and may be updated as providers change.
Security measures
- Encryption in transit for supported network traffic.
- Access controls, least-privilege permissions, and account authentication.
- Operational logging, monitoring, backups, and incident response procedures.
- Vendor review and contractual confidentiality obligations.
- Logical separation of customer workspaces and production access limited to authorized personnel.
International transfers
Where customer personal data is transferred internationally, Pricemark will use appropriate transfer safeguards when required, such as standard contractual clauses or equivalent lawful mechanisms.
Assistance and rights requests
Pricemark will provide reasonable assistance for data subject requests, security obligations, data protection impact assessments, and regulatory inquiries to the extent required by law and reasonably available through the service.
Deletion and return
At the end of service, Pricemark will delete or return customer personal data according to the agreement, product functionality, and lawful retention requirements. Backup deletion may follow normal backup rotation.
Audits
Pricemark will make reasonable information available to demonstrate compliance with this DPA. Any audit must be scoped, scheduled, and conducted in a way that protects other customers, system security, and confidential information.