Data Processing Agreement

Last Updated: January 1, 2026

Introduction

This Data Processing Agreement ("DPA") forms part of the Service Agreement between Helium Software Inc., doing business as Flint ("Processor," "we," or "us"), and the Customer ("Controller," "you") for the provision of the Flint platform and related services.

Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person
  • "Processing" means any operation performed on Personal Data, including collection, storage, use, and deletion
  • "Data Subject" means the individual to whom Personal Data relates
  • "Subprocessor" means any third party engaged by us to process Personal Data on your behalf

Scope and Purpose

We will process Personal Data solely for the purpose of providing the Service as described in your Service Agreement and in accordance with your documented instructions.

Customer Responsibilities

You are responsible for:

  • Ensuring you have a lawful basis to provide Personal Data to us
  • Providing any required notices to Data Subjects regarding the processing
  • Ensuring the accuracy of Personal Data provided to us
  • Complying with applicable data protection laws

Our Obligations

We agree to:

  • Process Personal Data only on your documented instructions
  • Ensure personnel authorized to process Personal Data are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Assist you in responding to Data Subject requests
  • Delete or return Personal Data upon termination of services, at your choice
  • Make available information necessary to demonstrate compliance with this DPA

Security Measures

We implement and maintain appropriate technical and organizational measures to protect Personal Data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Incident response procedures

Subprocessors

We use Subprocessors to assist in providing the Service. A current list is available on our Subprocessors page.

Data Transfers

Personal Data may be transferred to and processed in the United States. All our servers are located in the United States. We ensure appropriate safeguards are in place for any international data transfers.

Data Subject Rights

We will assist you in fulfilling your obligations to respond to Data Subject requests to exercise their rights under applicable law, including rights of access, rectification, erasure, and data portability.

Data Breach Notification

In the event of a Personal Data breach, we will notify you without undue delay and provide information necessary for you to fulfill any breach notification obligations.

Audit Rights

Upon reasonable notice, you may audit our compliance with this DPA. We will provide reasonable cooperation and access to relevant information, subject to confidentiality obligations.

Term and Termination

This DPA remains in effect for the duration of your Service Agreement. Upon termination, we will delete or return all Personal Data within 90 days, unless retention is required by law.

Contact

For questions about this DPA or to request a signed copy, please contact us at:

Email: andrew@instafleet.co

Address: Helium Software Inc.

2261 Market Street STE 46246

San Francisco, CA 94114

United States