Trust

Data Processing Addendum

Last updated: 2026-05-11 · Version 1

This Addendum supplements the Slide Practice Terms of Service and applies to the extent Slide Practice processes Personal Data on behalf of Customer in the course of providing the Services. Capitalized terms not defined here have the meanings given in the Terms of Service and in applicable Data Protection Laws (including GDPR, UK GDPR, CCPA/CPRA, and the Philippine Data Privacy Act).

1. Roles

Customer is the Controller (or, where applicable, Business). Slide Practice is the Processor (or Service Provider). Each party complies with its respective obligations under applicable Data Protection Laws.

2. Subject matter and duration

Subject matter: provision of the Slide Practice Services. Duration: term of the underlying Terms of Service plus any wind-down period required to fulfill obligations. Nature and purpose of processing: hosting, storage, transmission, transcription, and AI-assisted summarization of customer data submitted through the Services.

3. Categories of data subjects and personal data

Data subjects: Customer’s account holders, Customer’s clients (where applicable), and others whose Personal Data Customer submits. Personal Data categories: identification data, contact data, professional information, payment metadata (tokenized by our merchant of record), session audio and transcripts, and usage logs.

4. Slide Practice obligations

Slide Practice will: (a) process Personal Data only on documented instructions from Customer (the Terms of Service and this Addendum are instructions); (b) ensure that persons authorized to process Personal Data are under appropriate confidentiality obligations; (c) implement appropriate technical and organizational measures, including those described at /security; (d) assist Customer in fulfilling data-subject requests and supervisory-authority inquiries; (e) make available to Customer all information necessary to demonstrate compliance with this Addendum.

5. Sub-processors

Customer authorizes Slide Practice’s use of the sub-processors disclosed by functional role at /subprocessors. The current named list is available to authenticated customers and on request via /legal/dpa-request. Slide Practice will give 30 days’ written notice of any new sub-processor; Customer may terminate the Services if it reasonably objects, subject to pro-rata refund.

6. International transfers

For transfers of EEA/UK/Swiss Personal Data to recipients in third countries, the parties incorporate the European Commission Standard Contractual Clauses (2021/914) as appropriate (Module Two for Customer’s controller→processor relationship; Module Three for any onward processor→sub-processor relationship), or the UK International Data Transfer Addendum, or equivalent safeguards.

7. Personal data breach

Slide Practice will notify Customer without undue delay and no later than 72 hours after becoming aware of a Personal Data breach affecting Customer Data. Notice will include the nature of the breach, affected data categories and approximate numbers, likely consequences, and measures taken or proposed.

8. Audit

Customer may, on reasonable prior notice and no more than annually (except after a confirmed Personal Data breach), audit Slide Practice’s compliance with this Addendum. Audits are conducted under NDA, at Customer’s expense, and during business hours. Slide Practice may satisfy audit obligations by providing recent third-party audit reports (SOC 2 once available).

9. Return and deletion

On termination of the Services, Slide Practice will, at Customer’s choice, return or delete Customer Data within 90 days, except where retention is required by law. Slide Practice will confirm completion in writing.

10. Customer obligations

Customer is responsible for the lawful basis for processing, providing required notices to data subjects, obtaining required consents (including for session recording where required by recording laws), and ensuring the categories and volumes of Personal Data submitted are appropriate to the Services.

11. Governing law

This Addendum is governed by the same law as the Terms of Service, except where Data Protection Laws compel otherwise.

12. Order of precedence

In case of conflict, the order is: (1) Standard Contractual Clauses (where applicable), (2) this Addendum, (3) Terms of Service, (4) any order form.

Signing

For a counter-signed PDF for your records, submit a DPA request. We turn signed DPAs around within five business days.