Data Processing Addendum

HEA4 processes customer personal data to provide enterprise chat monitoring, workflow automation, reporting, access control, and support for the term of the customer agreement and any post-termination transition period.

Processing includes hosting, indexing, analyzing, securing, displaying, exporting, and deleting customer workspace data according to documented customer instructions and configured product controls.

Data subjects may include customer employees, contractors, managers, clients, prospects, and counterparties in business communications. Personal data may include identifiers, work contact details, chat metadata, message content, tasks, audit events, and role assignments.

HEA4 personnel and subprocessors are bound by confidentiality duties. Security measures include tenant isolation, RBAC, MFA/passkeys for privileged access, encryption in transit, KMS-backed encryption options, logging, backups, vulnerability handling, and incident response.

HEA4 uses subprocessors only as needed to deliver the service and keeps a public Subprocessors page. Customers may request notice and object to material changes under their agreement.

HEA4 assists with data subject requests, audits, breach notifications, and deletion or return of data as required by applicable data protection law and the customer agreement.