Legal

Data Processing Addendum

Updated April 2026

This Data Processing Addendum ("DPA") supplements the OpenSettle Terms of Service and applies to the processing of Personal Data governed by the EU GDPR, UK GDPR, Swiss FADP, and applicable U.S. state privacy laws.

OpenSettle acts as a Processor and you act as the Controller of Personal Data you submit to the Service.

We process Personal Data only on your documented instructions, unless required to do otherwise by applicable law. We implement appropriate technical and organizational measures to protect Personal Data, as further described in our Security Schedule.

Sub-processors are listed at /legal/subprocessors. You will be notified at least 30 days before any change.

International transfers are made under the 2021 EU Standard Contractual Clauses and the UK Addendum, as applicable.

This document is a plain-language summary prepared for product and design purposes. The full legal text is maintained separately in our contract registry. For operational questions, contact legal@opensettle.com.