Data processing addendum.
Default data processing terms for client engagements that incorporate this DPA by reference.
§ 01Scope
This DPA applies only when a signed client agreement incorporates it or otherwise requires Swift Boulder to process personal data for a client.
This Data Processing Addendum ("DPA") applies when Swift Boulder processes personal data on behalf of a client under a signed agreement that incorporates this DPA. It does not, by itself, create a services engagement or replace a signed MSA or SOW.
§ 02Roles
The client is usually the controller or business. Swift Boulder is usually the processor or service provider.
For client project data, the client determines the purposes and means of processing. Swift Boulder processes personal data only to provide services, follow documented instructions, secure systems, comply with law, and perform obligations in the signed agreement.
§ 03Processing details
Processing depends on the project and usually includes website, SEO, analytics, content, and technical audit work.
| Subject matter | Web development, SEO, content, migration, analytics, and related professional services |
| Duration | The engagement term plus any retention period required by the agreement or law |
| Data subjects | Client personnel, website visitors, leads, customers, and other people represented in client systems |
| Data categories | Identifiers, contact details, website usage data, analytics data, content, business records, and technical metadata |
| Special categories | Not expected unless expressly authorized in writing by the client |
§ 04Instructions and restrictions
We process client personal data only for the engagement and documented instructions.
Swift Boulder will process personal data only on documented client instructions, including the signed agreement, SOW, project communications, and lawful configuration requests. We will not sell client personal data or share it for cross-context behavioral advertising.
§ 05Subprocessors
We may use subprocessors for hosting, email, project management, payments, and client-approved tools.
Swift Boulder may use subprocessors to deliver services. The current public list is available at /subprocessors. Client-specific subprocessors may also include platforms selected or approved by the client. We require subprocessors to provide appropriate confidentiality, security, and data protection commitments.
§ 06Security measures
We use reasonable technical and organizational safeguards described in the Trust and Security page.
Swift Boulder maintains reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. Current controls are summarized in our Trust and Security page.
§ 07Assistance
We help clients respond to data subject requests, impact assessments, and regulator inquiries when the request relates to our processing.
Taking into account the nature of processing and information available to us, Swift Boulder will provide reasonable assistance for data subject requests, security obligations, data protection impact assessments, and regulator inquiries relating to our processing of client personal data.
§ 08Security incidents
We notify affected clients without undue delay after confirming a personal data incident involving client data.
If Swift Boulder becomes aware of a confirmed security incident involving client personal data, we will notify the affected client without undue delay, provide available information, and take reasonable steps to mitigate harm and support legally required notices.
§ 09Return and deletion
At the end of the engagement, we return, delete, or archive client data as the signed agreement and law require.
Upon termination or expiration of the engagement, Swift Boulder will return or delete client personal data as required by the signed agreement, unless retention is required by law, accounting obligations, dispute preservation, backup systems, or legitimate business records.
§ 10International transfers
Data may be processed in the United States and other countries by us or our vendors with appropriate safeguards where required.
Swift Boulder is based in the United States. Where GDPR, UK GDPR, Swiss FADP, or similar laws require transfer safeguards, the parties will use appropriate mechanisms such as standard contractual clauses, data processing terms, or other lawful transfer tools.
§ 11Contact
DPA questions go to legal@swiftboulder.com.
For legal, privacy, security, or accessibility questions, contact us here:
SWIFT BOULDER LLC
Attn: Legal
1371 Highland Ave
Sheridan, WY 82801
USA
legal@swiftboulder.com
+1 (314) 689-3721