Data Processing Agreement

Last updated: June 2025

Effective from: June 2025

This Data Processing Agreement applies to business users (estate agents, developers, brokers) using PropWealthMetrics to process personal data of their own clients.

1. Scope

This DPA governs the processing of personal data by PropWealthMetrics on behalf of a business customer ("Controller") in connection with their use of the platform.

2. Definitions

"Controller", "Processor", "Data Subject", "Personal Data", and "Processing" carry the meanings given to them in the UK GDPR.

3. Obligations of PropWealthMetrics as Data Processor

  • Process personal data only on documented instructions from the Controller
  • Ensure personnel authorised to process the data are bound by confidentiality
  • Implement appropriate technical and organisational security measures
  • Assist the Controller in fulfilling data subject rights requests

4. Sub-processors

PropWealthMetrics uses the following sub-processors:

  • Supabase — database and authentication
  • Anthropic — AI processing
  • Stripe — payment processing
  • Vercel — hosting and content delivery

5. International Data Transfers

Any transfer of personal data outside the UK is protected by appropriate safeguards including standard contractual clauses and the UK International Data Transfer Addendum.

6. Security Measures

PropWealthMetrics maintains TLS 1.3 in transit, AES-256 at rest, role-based access control, audit logging, and regular security reviews. See the Security Policy for details.

7. Breach Notification

PropWealthMetrics will notify the Controller without undue delay, and in any event within 72 hours, after becoming aware of a personal data breach.

8. Assistance with Data Subject Rights

PropWealthMetrics will provide reasonable assistance to the Controller to respond to data subject access, rectification, erasure, and portability requests.

9. Deletion on Termination

On termination, PropWealthMetrics will, at the Controller's choice, delete or return all personal data, save where retention is required by law.

10. Audit Rights

The Controller may, on reasonable notice and no more than once per year, audit PropWealthMetrics's compliance with this DPA, subject to confidentiality.

Questions about this policy? Email info@propwealthmetrics.com.