Data Processing Addendum (DPA)

This is a template you can link as a PDF or page, and have inspectors accept as part of onboarding or upon request.

DATA PROCESSING ADDENDUM
Last Updated: December 2025

This Data Processing Addendum (“DPA”) forms part of the agreement (the “Agreement”) between:

Customer (the “Controller”), identified in the main subscription or service agreement; and
ReportWriter AI, LLC (“Processor” or “ReportWriter AI”).

This DPA applies to the extent ReportWriter AI processes Personal Data on behalf of Customer in providing the Services.

1. Definitions

“Personal Data,” “Controller,” “Processor,” “Data Subject,” and “Processing” have the meanings given under applicable data protection laws (including GDPR, where applicable).

“Services” means the products and services provided by ReportWriter AI to Customer under the Agreement.

“Sub-processor” means any third party engaged by ReportWriter AI to process Personal Data on behalf of Customer.

2. Roles of the Parties

The customer is the Controller of Personal Data submitted to the Services.
ReportWriter AI is the Processor that processes Personal Data on behalf of the Customer and in accordance with the Customer’s documented instructions.

3. Subject Matter, Nature & Purpose of Processing

Subject Matter: Personal Data related to inspectors, their employees, and their clients (e.g., homebuyers, sellers, agents) submitted to or generated in the Services.
Nature of Processing: Collection, storage, organization, transmission, display, and other operations necessary to provide the Services.
Purpose: To provide, maintain, secure, and support the Services; to meet legal obligations; and to improve functionality consistent with the Agreement and this DPA.
Duration: Throughout the term of the Agreement, unless otherwise required by law.

4. Types of Personal Data & Data Subjects

Data Subjects may include:

Inspectors and their staff
Homebuyers, sellers, real estate agents, and other parties involved in inspections

Types of Personal Data may include:

Identifiers (name, email, phone, address)
Account details and login information
Inspection-related data and notes that contain personal data
Technical and usage data associated with accounts

Customer agrees not to submit special categories of data (e.g., health, biometric, or other sensitive categories) unless permitted by applicable law and explicitly agreed in writing.

5. Instructions & Compliance

ReportWriter AI will:

Process Personal Data only on documented instructions from Customer, including as set forth in the Agreement and this DPA
Inform Customer if an instruction appears to violate applicable data protection law, where legally permitted

If additional instructions require work beyond the Services as ordinarily provided, the parties may agree to additional fees.

6. Security

ReportWriter AI will implement appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, taking into account the nature of the data and the risk of harm.

Details of current security practices may be provided upon request or in separate documentation.

7. Confidentiality

ReportWriter AI will ensure that persons authorized to process Personal Data are bound by confidentiality obligations.

8. Sub-Processors

Customer authorizes ReportWriter AI to engage Sub-processors to provide hosting, infrastructure, analytics, customer support, email delivery, and related services.

ReportWriter AI will enter into written agreements with Sub-processors requiring them to protect Personal Data to a level not materially less protective than this DPA.
Upon request, ReportWriter AI may provide a list of current Sub-processors.
Customer may raise reasonable objections to a new Sub-processor where justified by data protection concerns.

9. Data Subject Requests

Taking into account the nature of Processing, ReportWriter AI will reasonably assist Customer in responding to Data Subject requests (access, correction, deletion, restriction, objection, portability) where required by law.

Customer remains responsible for responding to such requests and for assessing the legal basis for any action taken.

10. Data Breach Notification

If ReportWriter AI becomes aware of a Personal Data breach affecting Customer’s Personal Data, we will notify Customer without undue delay and provide information reasonably available to help Customer meet its legal obligations.

11. International Transfers

Where ReportWriter AI transfers Personal Data outside the country of origin (for example, to the United States), we will use appropriate safeguards as required by applicable law (such as Standard Contractual Clauses), unless an exemption or adequacy decision applies.

12. Return or Deletion of Personal Data

Upon termination or expiration of the Agreement, ReportWriter AI will, at Customer’s choice and subject to technical feasibility:

Delete Personal Data; or
Return Personal Data to Customer

ReportWriter AI may retain Personal Data as required by law, for dispute resolution, or for back-up and archival purposes, subject to appropriate safeguards.

13. Audits

Upon reasonable written request and at reasonable intervals, ReportWriter AI will:

Provide information necessary to demonstrate compliance with this DPA; and/or
Allow for audits or inspections, subject to reasonable confidentiality, security, and scheduling constraints.

Any audits beyond providing standard security/compliance documentation may be subject to reasonable fees.

14. Order of Precedence

In case of conflict between this DPA and the Agreement, this DPA will control with respect to data protection obligations.

15. Miscellaneous

This DPA is governed by the same law and jurisdiction as the Agreement, unless data protection laws require otherwise.