If you're an EU/UK business customer (typically on the Agency plan) and PingShift processes personal data on your behalf — for example, the email addresses of people who subscribe to your status pages — you may need a Data Processing Addendum. This page summarizes ours; the signable document is available on request.
Roles
For data you put into PingShift about your users (e.g. status-page subscribers), you are the controller and PingShift is the processor. For your own account data, we are the controller (see the Privacy Policy).
What the DPA covers
- We process personal data only on your documented instructions and to provide the service.
- We keep personal data confidential and require the same of staff and sub-processors.
- We maintain appropriate technical and organizational security measures (encryption of secrets at rest, access controls, audit logging, SSRF protections, backups).
- We use the sub-processors listed publicly, and give notice of changes.
- We assist you with data-subject requests, breach notification, and DPIAs as required by the GDPR.
- On termination, we delete or return personal data at your choice (our
DELETE /account erasure covers this). - International transfers rely on Standard Contractual Clauses where required.
Request a signed DPA
Email privacy@pingshift.app with your company details and we'll send the countersignable DPA.