Data Processing Agreement
This Data Processing Agreement governs the processing of personal data by HeyNeighbor AI LLC as a data processor on behalf of our business customers (data controllers) under GDPR and other applicable data protection laws.
Key Definitions
Controller
The Customer (HOA community) who determines the purposes and means of processing personal data
Processor
HeyNeighbor AI LLC, who processes personal data on behalf of the Controller
Sub-processor
Third-party processors engaged by HeyNeighbor AI LLC to assist in providing services
Scope and Duration
Processing Activities
We process personal data solely to provide HOA community management services as outlined in our Terms of Service and as instructed by the Customer.
Duration
This agreement remains in effect for the duration of the service agreement and continues until all personal data is deleted or returned.
Personal Data Categories
Data Types
• Contact information (name, email, phone)
• Property information (address, unit details)
• Community communications and documents
• Payment and financial information
• Usage and technical data
Data Subjects
• HOA community residents
• Board members and administrators
• Property managers
• Service providers and vendors
• Real estate professionals
Our Obligations as Processor
Process only on documented instructions from the Controller
Ensure confidentiality of personal data through staff training and agreements
Implement appropriate security measures including encryption and access controls
Assist with data subject requests for access, rectification, erasure, and portability
Assist with data protection impact assessments when required
Delete or return data upon termination of services as instructed
Sub-processors
We engage the following sub-processors to provide our services. All sub-processors are bound by data processing agreements with equivalent obligations:
We will notify Controllers of any changes to this list with 30 days' notice and provide opt-out mechanisms for objections.
International Transfers
Personal data may be processed in countries outside the EEA. We ensure appropriate safeguards through Standard Contractual Clauses and adequacy decisions where applicable.
Security Measures
• End-to-end encryption in transit and at rest
• Multi-factor authentication
• Regular security audits and monitoring
• Access controls and logging
• Employee training and confidentiality agreements
Data Breach Notification
In the event of a personal data breach, we will notify the Controller without undue delay and within 72 hours of becoming aware of the breach. We will provide all information reasonably necessary for the Controller to fulfill their own notification obligations.
Audit Rights
Information Provision
We will provide Controllers with information necessary to demonstrate compliance with GDPR Article 28 obligations.
Audit Process
Controllers may conduct audits or inspections, or engage qualified third parties, with reasonable notice and subject to confidentiality obligations.
Limitations & Disclaimers
Liability Limitation
Our total liability under this DPA is limited to the fees paid by Controller in the 12 months preceding any claim. We exclude liability for consequential, indirect, or punitive damages.
Growing Company Acknowledgment
As a growing startup, our processes and capabilities are continuously improving. We commit to implementing appropriate measures relative to our size, resources, and the nature of processing activities.
Force Majeure
Neither party will be liable for delays or failures due to circumstances beyond reasonable control, including third-party infrastructure outages, natural disasters, or government actions.
Agreement Updates
We may update this DPA with 30 days' notice to reflect changes in our services, sub-processors, or legal requirements. Existing customers will be grandfathered under current terms where legally permissible.
DPA inquiries: legal@heyneighbor.ai
Last updated: September 8, 2025
🛡️ This DPA ensures GDPR compliance for our business customers. Contact legal@heyneighbor.ai for questions.