STRProof
Try Free

Data Processing Agreement

Last updated: 2026-05-17

1. Overview

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Customer", "Data Controller") and STRProof ("Processor") and governs the processing of personal data by STRProof on your behalf.

This DPA applies if you use STRProof in a business capacity where you determine the purposes and means of processing personal data (for example, as a property management company processing guest data).

3. Scope and Roles

3.1 Roles

  • Customer (you): Data Controller. You determine what personal data is entered into the Service and why.
  • STRProof: Data Processor. We process personal data on your behalf, according to your instructions, to provide the Service.

3.2 Data Categories

| Category | Examples | Data Subjects | |---|---|---| | Guest data | Names, emails, phone numbers, photos | Guests of your properties | | Team data | Names, emails, roles | Co-hosts and cleaners you invite | | Property data | Addresses, photos, notes | May contain personal data | | Account data | Your name, email, payment information | You and your team |

3.3 Processing Purposes

We process personal data only for the following purposes:

  • Providing, maintaining, and improving the Service
  • Generating property condition reports as instructed by you
  • Sending guest approval and checkout links as instructed by you
  • Processing payments and managing subscriptions
  • Security, fraud prevention, and audit logging
  • Complying with legal obligations

5. Customer Obligations

You shall:

5.1 Lawful Basis

Ensure you have a lawful basis for processing Personal Data entered into the Service, including guest data and team member data.

5.2 Guest Consent

Obtain necessary consents from guests before entering their personal information into the Service and before sending them approval or checkout links.

5.3 Data Accuracy

Ensure the accuracy and lawfulness of all Personal Data you enter into the Service.

5.4 Notification

Notify STRProof promptly if you become aware of any data subject request, complaint, or regulatory inquiry related to Personal Data processed through the Service.

7. Security Incident Notification

In the event of a Personal Data breach:

  1. STRProof will notify you within 48 hours of becoming aware of the breach
  2. The notification will include:
  • The nature of the breach
  • The categories and approximate number of data subjects affected
  • The likely consequences
  • The measures taken or proposed to address the breach
  1. We will cooperate with you in investigating and remedying the breach
  2. We will not inform data subjects directly without your authorization, unless required by law

9. International Transfers

Personal Data may be transferred to countries outside the EEA/UK. For such transfers, we ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs) as approved by the European Commission
  • Encryption of all transferred data
  • Strict access controls

11. Contact

Data Protection Inquiries: privacy@strproof.com

DPA-Specific Questions: legal@strproof.com

Data Subject Requests: /gdpr/data-request