Legal
Data Processing Addendum
Last updated: May 18, 2026
Roles
For personal data Customer submits to the JobsPipe API, Customer is the Controller and JobsPipe is the Processor. For account and billing data we hold about Customer, JobsPipe is the Controller.
Scope of processing
JobsPipe processes personal data only to provide the service in accordance with Customer instructions and the published API documentation.
Security measures
JobsPipe maintains technical and organizational measures including: encryption in transit and at rest, principle of least privilege for production access, MFA on all admin accounts, audit logging, vendor risk reviews, and an incident response process. A current TOMs document is available on request.
Sub-processors
JobsPipe uses a limited set of sub-processors for hosting, email, payments, support chat, and analytics. A current list is available on request. We give Customer prior notice of new sub-processors and a reasonable window to object.
International transfers
Where personal data is transferred outside the EEA, UK, or Switzerland, JobsPipe relies on the EU Standard Contractual Clauses (and UK Addendum where applicable), supplemented by the technical measures described above.
Data subject requests
JobsPipe will, on Customer request and at Customer’s cost, provide reasonable assistance to enable Customer to respond to data subject requests under applicable law.
Breach notification
JobsPipe will notify Customer without undue delay, and in any event within 72 hours, of a personal data breach affecting Customer data.
Return or deletion
On termination, JobsPipe will delete Customer personal data within 90 days, except where retention is required by law.
Audit
JobsPipe will, on reasonable written request and no more than once per year, make available documentation reasonably necessary to demonstrate compliance with this DPA.
Order of precedence
In the event of a conflict between this DPA and the Terms of Service, this DPA controls solely with respect to the processing of personal data.