Data Processing Addendum

Document under review by counsel — last updated 2026-05-18

Scope

This Data Processing Addendum ("DPA") forms part of the agreement between Parent Companion ("Processor") and the clinic or healthcare organisation ("Controller") that has accepted our Terms of Service. It governs the processing of personal data — including special-category health data — carried out by Parent Companion on behalf of the Controller under Article 28 of the GDPR.

Processing details

All personal data is stored exclusively in Google Cloud infrastructure in the European Union (primary region: europe-west1 / Belgium; disaster-recovery region: europe-west4 / Netherlands). Data is encrypted at rest using customer-managed encryption keys (CMEK) and in transit using TLS 1.3. Sub-processors and transfer mechanisms will be listed in the final version of this DPA. Point-in-time recovery and 30-day backup retention are enabled by default.

Data subject rights and breach notification

Parent Companion will assist the Controller in responding to data subject rights requests within the timescales required by applicable law. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the Controller without undue delay and in any case within 72 hours of becoming aware of the breach. To execute a signed DPA or to request our sub-processor list, contact hello@parentcompanion.app.