Data Processing Addendum

Last updated: January 25, 2026

Introduction

This Data Processing Addendum ("DPA") forms part of the Terms of Service between SearchPilot ("Processor") and the customer ("Controller") for the provision of SearchPilot services.

This DPA reflects the parties' agreement regarding the processing of personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Definitions

  • "Controller" means you, the customer, who determines the purposes and means of processing personal data
  • "Processor" means SearchPilot, which processes personal data on behalf of the Controller
  • "Personal Data" means any information relating to an identified or identifiable natural person
  • "Processing" means any operation performed on personal data

Roles and Responsibilities

You (the Controller):

  • Determine the purposes and means of processing personal data
  • Are responsible for the lawfulness of data processing
  • Ensure you have proper legal basis for sharing data with SearchPilot

SearchPilot (the Processor):

  • Processes personal data only on your documented instructions
  • Ensures confidentiality of personnel with access to data
  • Implements appropriate technical and organizational security measures
  • Assists you in responding to data subject requests

Data Processing Details

Purpose of Processing: To provide SEO analysis, recommendations, and task management services.

Types of Personal Data:

  • Account information (name, email)
  • Search performance data from Google Search Console
  • Analytics data (if Google Analytics is connected)
  • Website content accessible via public crawling

Data Subjects: Customer's authorized users and, indirectly, website visitors whose aggregate data may be included in analytics.

Duration: For the term of the service agreement plus 30 days for deletion.

Security Measures

SearchPilot implements appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of data at rest
  • Access controls and authentication
  • Regular security assessments
  • Employee confidentiality obligations

Sub-processors

SearchPilot may engage sub-processors to assist in providing the service. We will:

  • Maintain a list of current sub-processors
  • Notify you of any changes to sub-processors
  • Ensure sub-processors are bound by equivalent data protection obligations

Data Subject Rights

SearchPilot will assist you in responding to requests from data subjects to exercise their rights under GDPR, including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object

Data Breach Notification

In the event of a personal data breach, SearchPilot will:

  • Notify you without undue delay (within 72 hours where feasible)
  • Provide details about the nature of the breach
  • Describe measures taken to address the breach
  • Assist you in meeting your notification obligations

Data Deletion

Upon termination of the service agreement or upon your request:

  • SearchPilot will delete all personal data within 30 days
  • Deletion includes all copies and backups
  • We will provide written confirmation of deletion upon request

International Transfers

If personal data is transferred outside the European Economic Area, SearchPilot ensures appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs)
  • Transfers to countries with adequate protection decisions

Contact

For DPA-related inquiries or to request a signed copy, contact us at dpa@getsearchpilot.com.