• Pricing
  • Who It's For
    ISO 9001 Certified Businesses
    Resources
    Blog
Start Free Trial
Table of Contents
1. Definitions2. Role of the Parties3. Processing Details4. Dayspring's Obligations5. Customer's Obligations6. Sub-Processors7. Retention & Deletion8. International Transfers9. Data Subject Rights10. Data Protection Contact11. Governing Law
  • Effective Date:
    14/10/2025
  • ·
  • Last Updated:
    15/06/2026

Dayspring Software: Data Processing Agreement

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between Dayspring Software Limited (“Dayspring”, “we”, “us”) and the Customer (“you”) and governs the processing of personal data by Dayspring on behalf of the Customer in connection with the Platform. Capitalised terms not defined here have the meanings given in the Terms of Service.

1. Definitions

“Controller” means the Customer, who determines the purposes and means of processing personal data. 

‍“Data Protection Law” means the UK GDPR, the Data Protection Act 2018, and any successor legislation, as amended from time to time.  
‍
‍“Personal Data” has the meaning given in Data Protection Law.
‍
“Processor” means Dayspring, who processes personal data on behalf of the Customer. 
‍
‍“Special Category Data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person’s sex life or sexual orientation, as defined in Article 9 UK GDPR. 

‍“Sub-processor” means any third party engaged by Dayspring to process personal data in connection with the Platform.

2. Role of the Parties

The Customer is the Controller and Dayspring is the Processor in respect of any personal data processed through the Platform. Each party will comply with its respective obligations under Data Protection Law.  

The Customer acknowledges that it is solely responsible for the lawfulness of any personal data uploaded to the Platform, including any Special Category Data that may be contained within documents or files uploaded by Authorised Users. Dayspring processes such data solely on the Customer’s instructions and does not determine the nature or content of uploaded materials.

    3. Processing Details

    Categories of Data Subjects: The Customer’s Authorised Users and any individuals whose personal data is contained within the files and documents uploaded to the Platform. This may include individuals referenced in policy documents, HR materials, or other files uploaded by Authorised Users. 

    ‍Duration: For the Term of the Customer’s subscription, plus any applicable retention period set out in Clause 7 of this DPA.
    ‍
    Nature of Processing: Hosting, storage, retrieval,and transmission of personal data as part of the Platform, together with AI-assisted processing including but not limited to summarisation, content analysis, gap identification, recommendations, and responses to natural language queries, in each case applied to materials uploaded by the Customer.

    Purpose: Providing the Platform to the Customer in accordance with the Terms of Service.  

    ‍Types of Personal Data: Account credentials (name, email address, authentication data), billing information, support correspondence, and any personal data – including Special Category Data – contained within documents uploaded by Authorised Users.

      4. Dayspring's Obligations

      Dayspring will:

      • Process personal data only in accordance with the Customer’s instructions, which are given through the Customer’s use of the Platform (including actions taken by Authorised Users such as uploading documents, managing user licences, and using AI Features) and as set out in theTerms of Service and this DPA. The Customer’s use of the Platform constitutes its written processing instructions for the purposes of Article 28(3) UK GDPR;
      • Ensure that personnel with access to personal data are subject to appropriate confidentiality obligations and have received adequate data protection training relevant to their role;
      • Implement and maintain appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction;
      • Not use personal data or Customer Data for any purpose other than providing the Platform, and in particular will not use it to train, fine-tune, or improve any artificial intelligence or machine learning model;
      • Notify the Customer without undue delay, and in any event within 72 hours of becoming aware, of a personal data breach affecting the Customer’s personal data, providing such information as is reasonably available at that time;
      • Where a data subject rights request relates topersonal data processed through the Platform, assist the Customer in responding to the extent technically possible given the nature of the Platform and the fact that Dayspring does not have routine visibility of uploaded content;
      • Make available to the Customer, upon writtenrequest, information reasonably necessary to demonstrate Dayspring’s compliance with this DPA, and permit and contribute to audits and inspections conducted by the Customer or an auditor mandated by the Customer, on reasonable notice and subject to appropriate confidentiality obligations.

      5. Customer's Obligations

      The Customer will:

      • Ensure it has a lawful basis for processing personal data uploaded to the Platform, including any Special Category Data contained within uploaded documents, and where Special Category Data is processed, ensuring that an additional condition under Article 9 UK GDPR is also met;
      • Provide any necessary notices to, and obtain any necessary consents from, data subjects whose personal data is processed throughthe Platform, including where such personal data may be contained within documents or files uploaded by Authorised Users and processed by Dayspring’s AI Features. The Customer acknowledges that Dayspring has no visibility of or control over the personal data contained within uploaded materials and that responsibility for ensuring data subjects are appropriately informed rests solely with the Customer as Controller;
      • Ensure that its instructions to Dayspring comply with Data Protection Law;
      • Be responsible for the accuracy, quality, and legality of personal data uploaded to the Platform;
      • Not upload personal data to the Platform in excess of what is necessary for the Customer’s legitimate business purposes, in accordance with the data minimisation principle under Data Protection Law.

      6. Sub-Processors

      The Customer provides general authorisation for Dayspring to engage sub-processors. Dayspring’s current sub-processors are:

      • Amazon Web Services ("AWS") for the purpose of platform hosting, storage, email delivery, and AI processing.
      • Oracle NetSuite for the purpose of customer support case management.
      • Stripe for the purpose of payment processing and billing.

      Dayspring will ensure sub-processors are bound by data protection obligations no less protective than those in this DPA.

      Dayspring will notify the Customer of any intended changes to sub-processors by updating this DPA and providing at least 30 days’ notice. If the Customer reasonably objects to a new sub-processor on data protection grounds, it must notify Dayspring in writing within that 30-day period at compliance@dayspringsoftware.com. If the parties cannot resolve the objection, either party may terminate the Agreement on written notice without penalty. 

      Dayspring will carry out appropriate due diligence on any new sub-processor before engaging them, and will be fully liable to the acts and omissions of its sub-processors to the same extent as if Dayspring had performed the processing itself, subject to the limitations set out in Clause 13 of the Terms of Service.

      7. Retention & Deletion

      Account & Billing Records: Personal data relating to the Customer’s account, billing history, and support correspondence will be retained for 7 years from the end of the subscription, in accordance with the Limitation Act 1980, after which it will be securely deleted or anonymised.  

      ‍Platform Data: All Customer Data within the Platform will be permanently deleted within 30 days of cancellation of the Customer’ssubscription, in accordance with Clause 5 of the Terms of Service. 

      Upon expiry of the applicable retention period, Dayspring will securely delete or anonymise all personal data, unless retention is required by applicable law. Upon written request, Dayspring will provide the Customer with written confirmation that deletion or anonymisation has been completed.

        8. International Transfers

        Dayspring processes Customer personal data within the UK and EU only (AWS eu-west-1 and eu-west-2). With the exception of Stripe, Inc., which processes billing information in the US subject to appropriate safeguards including the UK Addendum to the EU Standard Contractual Clauses, all sub-processors process Customer personal data within the UK or EU. No other transfers of Customer personal data are made to third countries outside the UK or EU, except where required by applicable law.

          9. Data Subject Rights

          Where Dayspring receives a request directly from a data subject in relation to personal data processed on behalf of the Customer, Dayspring will promptly forward that request to the Customer and will not respond to the data subject unless instructed to do so by the Customer or required by law.

            10. Data Protection Contact

            All data protection queries, notices, and complaints should be directed to Dayspring’s compliance team: compliance@dayspringsoftware.com.

            11. Governing Law

            This DPA is governed by the laws of England and Wales and forms part of the Terms of Service.

            Resources
            BlogContact Us
            Legal
            Privacy PolicyCookie PolicyCookie Settings
            Subscribe to our newsletter

            Get the latest news and updates from our team.

            Thank you! Your submission has been received!
            Oops! Something went wrong while submitting the form.
            © 2026 Dayspring Software. All Rights Reserved.