Last updated: April 2026

This Data Processing Addendum ("DPA") forms part of your agreement with SwiftCrane for SwiftCrane Cloud and applies whenever SwiftCrane processes Personal Data on your behalf as a Processor under the GDPR, UK GDPR, or equivalent legislation.

Scope of processing

• Subject matter: provision of the SwiftCrane service.
• Duration: while you have an active subscription, plus 30 days for export.
• Nature & purpose: hosting, indexing, and analysis of construction-project data on your instruction.
• Categories of data subjects: your employees, subcontractors, vendors, owners, design team, inspectors.
• Categories of personal data: names, emails, phone numbers, signatures, employment / contractor information, photographs, optionally GPS-tagged location.

Processor obligations

• Process only on documented instructions.
• Ensure personnel are bound by confidentiality.
• Implement appropriate technical and organisational measures (described in the security overview).
• Engage sub-processors only as listed on the trust center, with prior notice of changes.
• Assist with data-subject requests and DPIAs.
• Notify you of personal-data breaches within 72 hours of discovery.
• Return or delete personal data on termination.

International transfers

Where personal data is transferred outside the EEA, UK, or Switzerland, the EU Standard Contractual Clauses (EU 2021/914) and UK Addendum apply, with SwiftCrane as data importer as Module Two or Module Three as applicable.

Sub-processors

Current sub-processors are listed on the trust center. We will notify you at least 30 days in advance of any new sub-processor; you may object on reasonable grounds.

Audits

We make available the SOC 2 Type II report (when issued) under NDA. Customers paying $75,000+ per year may request an annual audit on reasonable notice.

Execution

This DPA is effective without signature for cloud customers. To request a counter-signed copy, email privacy@swiftcrane.com.