This GDPR Addendum supplements the Jetpack Workflow Privacy Policy and applies to residents of the European Economic Area (EEA), the United Kingdom (UK), and Switzerland who use our Services. It provides additional information about your rights under the General Data Protection Regulation (GDPR) and outlines how we process your personal data in accordance with European data protection laws.
Lawful Bases for Processing
We process your personal data under one or more of the following lawful bases:
- Contractual necessity – to fulfill our obligations in providing the Services to you or your organization.
- Legitimate interests – to analyze usage, improve Services, communicate with users, and prevent fraud or misuse. We carefully assess and balance these interests against your data protection rights.
- Consent – when required, particularly for marketing emails or optional cookies and tracking technologies.
- Legal obligation – where required to comply with legal or regulatory requirements.
Your GDPR Rights
As a data subject in the EEA, UK, or Switzerland, you have the following rights:
- Access – You can request access to personal data we hold about you.
- Rectification – You may request that we correct inaccurate or incomplete data.
- Erasure – You can ask us to delete your personal data, subject to legal and contractual obligations.
- Restriction – You may request limited use of your data under certain circumstances.
- Data portability – You may request a copy of your personal data in a structured, commonly used format.
- Objection – You may object to processing based on legitimate interests, or to direct marketing.
- Withdraw consent – Where processing is based on consent, you may withdraw that consent at any time.
To exercise any of these rights, contact us at privacy@jetpackworkflow.com. We may need to verify your identity before fulfilling your request.
International Data Transfers
We primarily store and process data in the United States. When transferring your personal data outside the EEA, UK, or Switzerland, we use approved safeguards such as:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreements (DPAs) with our subprocessors
- Industry-recognized security frameworks
You may request a copy of our SCCs by contacting us.
Subprocessors
We engage third-party service providers (subprocessors) to support our operations. These include:
- Intercom – Support and messaging
- PostHog – Analytics and session recording
- Auth0 – Authentication
- FlatFile – Data imports
- Stripe – Payment processing
- HubSpot – Marketing automation
Each subprocessor is contractually bound to act only on our instructions and implement appropriate technical and organizational measures to protect personal data.
Automated Decision Making
We do not use your personal data to make automated decisions that have legal or similarly significant effects on you.
Contact Information
For any questions or concerns about this GDPR Addendum or your rights, contact:
Email: privacy@jetpackworkflow.com
Mail: Jetpack Workflow, 1151 Freeport Road, #131, Pittsburgh PA 15238, United States
You also have the right to lodge a complaint with your local data protection authority.
