pileform
ΕλληνικάStart free
Legal

Data Processing Agreement.

This DPA forms part of the agreement between you (the “Customer”, acting as data controller for the personal data processed through Pileform) and Encelyte Ltd (“Pileform”, acting as data processor). It implements GDPR Article 28 obligations.

Version 1.0 · 3 May 2026. This DPA reflects how we actually process Customer data today. If your compliance team has specific clauses to negotiate before counter-signature, email contact@pileform.com. We’ll work with you.

1. Parties

Processor: Encelyte Ltd, a Cyprus-registered company, operating the service known as Pileform. Registered office: Nicosia, Cyprus. Contact: contact@pileform.com.

Controller: you, the Customer entering into the Pileform service terms.

2. Subject matter and duration

Subject matter: processing of personal data contained in receipts, invoices, and accounting documents the Customer uploads to Pileform, for the purpose of extracting structured data and producing per-supplier Excel workbooks.

Duration: for the term of the Customer’s service agreement with Pileform, plus the retention periods set out in section 7.

3. Nature and purpose of processing

Pileform performs optical character recognition, language detection, supplier grouping, VAT-rate inference, and structured data extraction on documents the Customer uploads. The output is returned to the Customer as Excel workbooks, with the original documents embedded for audit traceability.

4. Categories of personal data

Personal data processed may include, depending on the content of the uploaded documents:

  • Names of payees, customers, suppliers, and signatories appearing on receipts and invoices
  • Postal addresses, email addresses, and phone numbers appearing on commercial documents
  • VAT registration numbers and tax identifiers
  • Monetary amounts, dates, and reference numbers
  • Occasionally, identification numbers (e.g. national IDs printed on certain receipts in some jurisdictions)

No special-category data (Article 9) is intentionally processed. The Customer represents that they will not knowingly upload special-category data.

5. Categories of data subjects

  • End customers of the Customer’s clients (i.e. people whose names appear on receipts)
  • Employees and contractors of the Customer’s clients
  • Suppliers and merchants whose details are printed on receipts

6. Sub-processor changes

Pileform engages a vetted set of infrastructure sub-processors, each bound by data protection obligations equivalent to those in this DPA. The current list is available to active customers on request. Pileform will notify the Customer in writing (via the email address on the Customer account) of any intended addition or replacement of a sub-processor at least 30 days before the change takes effect. The Customer may object on reasonable data-protection grounds. If the parties cannot resolve the objection, the Customer may terminate the affected service with a pro-rata refund of pre-paid fees.

7. Data return and deletion

  • Source PDFs (uploaded files): deleted from primary storage 30 days after upload.
  • Generated workbooks: retained 90 days from generation, then deleted unless the Customer downloads or archives earlier.
  • Tax-record retention: the period configured by the Customer in the in-app Settings → Data & exports section (default 10 years system-wide; range 6–30 years with country presets: Cyprus / UK / Ireland / Malta / Spain / Greece 6 years, Netherlands 7, Germany / France / Italy / Lebanon 10), held in encrypted cold storage, to satisfy applicable tax-compliance requirements. The Customer may request earlier deletion of any individual job at any time; Pileform will honour within 30 days unless legally required to retain (e.g. an active tax-audit notice).
  • On termination of the service agreement: the Customer may export all data via the in-app archive download. Pileform will then delete all personal data within 30 days of termination, subject to the configured tax-record retention period.
  • Backups: encrypted, retained 30 days, in a separate region from production. Backups are overwritten on the rolling 30-day cycle.

8. Security measures

  • TLS 1.3 in transit, AES-256 at rest, on all persistence layers
  • EU-only data residency for primary storage and processing (Frankfurt region)
  • Per-account row-level isolation in the database; no cross-tenant data visibility
  • Argon2id (or bcrypt fallback) for password hashing
  • HTTP-only, Secure, SameSite=Lax session cookies
  • Rate limiting on all endpoints, especially upload and authentication
  • Per-action audit log retained 90 days for sign-in attempts, available to the Customer on request
  • No third-party scripts on the workspace (app.pileform.com): no tag managers, analytics, or session-replay tools
  • Encrypted nightly backups, retained 30 days in a separate region
  • Vendor security review on each sub-processor before onboarding
  • Documented incident response plan with named contact

9. Audit rights

The Customer may, no more than once per twelve months, request a written summary of Pileform’s technical and organisational measures and the SOC2 / ISO 27001 attestations of named sub-processors. Pileform will respond within 30 days. On-site audits are not standard given Pileform’s size; an external auditor under NDA may be substituted at the Customer’s cost where the Customer has a demonstrable regulatory requirement.

10. Data subject requests

Pileform will assist the Customer in responding to data-subject requests under GDPR Articles 15–22. If a data subject contacts Pileform directly, Pileform will forward the request to the Customer within 7 business days and will not respond substantively unless instructed by the Customer.

11. Personal data breach

Pileform will notify the Customer without undue delay, and in any event within 72 hours of becoming aware, of any personal data breach affecting the Customer’s data. The notification will include the nature of the breach, the categories and approximate number of data subjects and records affected, the likely consequences, and the measures taken or proposed.

12. International transfers

Where personal data is transferred outside the European Economic Area to a sub-processor, the transfer is governed by the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914), Module 3 (processor-to-processor), with appropriate supplementary measures (encryption, access controls, contractual opt-out from any training on Customer content where the sub-processor offers machine-learning capabilities).

13. Confidentiality

All Pileform personnel with access to personal data are bound by confidentiality obligations and have received GDPR-aware training.

14. Liability

The liability cap and exclusions set out in the Pileform service terms apply to this DPA, save where GDPR or applicable law mandates otherwise.

15. Term and termination

This DPA takes effect when the Customer accepts the Pileform service terms and continues until the service agreement terminates. On termination, the obligations in section 7 (Data return and deletion) survive.

16. Governing law

This DPA is governed by the laws of the Republic of Cyprus and is read together with the Pileform Terms of Service.

Acceptance. The Customer’s use of the Pileform service after the date above constitutes acceptance of this DPA. A counter-signed PDF copy is available on request. Email contact@pileform.com with the subject line “DPA counter-signature.”

Questions or red-line proposals: contact@pileform.com.