Data Processing Addendum
Last updated May 1, 2026
1. Scope and roles
This Addendum forms part of the agreement between Foundry Planning, Inc. (“Foundry,” “Processor”) and the Firm identified at sign-up (“Firm,” “Controller”) and governs Foundry’s processing of personal information about the Firm’s clients (“Client Data”) on the Firm’s behalf. Where Foundry processes personal information about Firm members directly, Foundry acts as Controller; that processing is described in our Privacy Policy.
2. Subject matter, duration, and nature of processing
- Subject matter: processing required to provide the Service to the Firm.
- Duration: the term of the Firm’s subscription, plus any read-only grace and retention windows described in our Privacy Policy.
- Nature and purpose: storing, organizing, projecting, modelling, and rendering reports on Client Data uploaded or entered by the Firm.
- Categories of data subjects: the Firm’s clients and their household members named in scenarios.
- Categories of data: identity, demographics, household composition, financial accounts, income, expenses, tax history, estate documents, and any other content the Firm uploads.
3. Foundry’s obligations
- Process Client Data only on documented instructions from the Firm (the agreement and these Terms).
- Ensure that personnel with access to Client Data are bound by confidentiality.
- Implement and maintain the security measures listed in Section 5.
- Assist the Firm, taking into account the nature of processing, in responding to data-subject requests and to data-protection authorities.
- Notify the Firm without undue delay (target: within 72 hours of confirmation) of any confirmed personal-data breach affecting Client Data.
4. Subprocessors
The Firm authorizes Foundry’s use of the subprocessors listed at docs/vendors.md. Foundry will provide at least 30 days’ prior written notice (to the Firm owner of record) before adding or replacing a subprocessor that processes Client Data, during which the Firm may object on reasonable grounds. Foundry imposes data-protection obligations on its subprocessors that are no less protective than those in this Addendum.
5. Security measures
- Encryption: TLS 1.2+ in transit; AES-256 at rest via Neon-managed Postgres.
- Access control: three-tier roles (owner/admin/member) enforced server-side; multi-factor authentication required for owner role.
- Tenancy isolation: all Client Data queries scoped by Firm ID at the application layer; verified by tests.
- Audit logging: security-relevant actions are recorded in an append-only audit log retained for seven years.
- Vulnerability management: dependency scanning on every build, security review of merge-bound changes, time-bound triage of disclosed vulnerabilities.
- Incident response: documented runbook with on-call rotation; alerts via Sentry and infrastructure monitoring.
6. International data transfers
Where Client Data is transferred from the European Economic Area, United Kingdom, or Switzerland to a country not deemed adequate, the parties agree that the Standard Contractual Clauses (Module Two: Controller-to-Processor) are incorporated by reference, with the optional docking clause selected, governing law of Ireland, and supervisory authority of Ireland. The UK International Data Transfer Addendum and the Swiss FDPIC guidance apply mutatis mutandis.
7. Audits and information requests
Foundry will provide the Firm with up-to-date attestations (current SOC 2 Type II report or equivalent) and reasonable cooperation with the Firm’s audit obligations under applicable law, on no more than an annual basis, or more often where required by regulators or after a confirmed incident.
8. Return and deletion
On termination or expiry, Foundry will delete Client Data in accordance with the retention policy in our Privacy Policy. The Firm may export its data through the Service during the read-only grace window. After deletion, Foundry will, on request, provide a written confirmation that deletion has occurred, subject to any legal obligation to retain copies.
9. Liability
The liability of each party under or in connection with this Addendum is subject to the limits of liability in the agreement.
10. Order of precedence
If there is a conflict between this Addendum and any other terms between the parties, this Addendum governs solely with respect to processing of Client Data.
11. Contact
Privacy and security questions: support@foundryplanning.com.