Legal · Data Processing Agreement
Data Processing Agreement
Our DPA governs Inspect Genius's processing of personal data on behalf of customers under GDPR, UK GDPR, and the CCPA.
What the DPA covers
- Roles
- Customer is the controller; Inspect Genius is the processor.
- Categories of data
- Account data, inspection content, device and usage data.
- Categories of data subjects
- Inspectors, property managers, owners, tenants.
- Sub-processors
- Full list maintained on the Trust Center; advance notice on changes.
- International transfers
- EU Standard Contractual Clauses (SCCs) and UK Addendum.
- Security measures
- Encryption at rest (AES-256), encryption in transit (TLS 1.3), SOC 2 Type II controls.
- Breach notification
- Within 72 hours of confirmation, with full incident report within 30 days.
- Data subject rights
- Assistance with access, correction, deletion, and portability requests.
- Audit rights
- Annual third-party audit reports available under NDA.
- Term
- Matches the underlying Master Services Agreement.
How to sign
Most customers sign our standard DPA at the same time as the order form — no negotiation required. For enterprise customers with bespoke requirements, we'll work through redlines with our legal team.
PDF · Pre-signed
Standard DPA
Pre-signed by Inspect Genius. Countersign and return.
Download standard DPA (PDF)Negotiated
Custom DPA
For enterprise customers requiring redlines, custom data residency provisions, or BAA-equivalent terms.
Contact legalSub-processor list
Our current sub-processors are listed on the Trust Center. Customers are notified by email at least 30 days before any new sub-processor is added.