Data Processing Addendum
Last updated: 10 May 2026 | Applies to B2B customers using Accwisely on behalf of their own clients
This Data Processing Addendum (the "DPA") forms part of the Terms of Service between you ("Customer") and Accwisely.com ("Accwisely") where Customer uses the Service to process personal data on behalf of Customer's own clients (the "End Clients").
This DPA applies where Customer is acting as a data controller in respect of personal data of End Clients, and Accwisely is acting as a data processor (referred to as a "data intermediary" under the PDPA) on Customer's behalf. Where this DPA conflicts with the Terms of Service, this DPA prevails in respect of the processing of personal data.
1. Definitions
- "Personal Data" has the meaning given in the PDPA.
- "Customer Personal Data" means personal data uploaded to or processed through the Service by Customer on behalf of End Clients.
- "Sub-processor" means any third party engaged by Accwisely to process Customer Personal Data.
- "Data Breach" means a breach of security leading to the unauthorised or accidental destruction, loss, alteration, disclosure of, or access to Customer Personal Data.
2. Roles and instructions
Customer is the data controller of Customer Personal Data and is responsible for the lawful basis on which it collects and discloses such data to Accwisely. Accwisely processes Customer Personal Data only as a data intermediary, on Customer's documented instructions, which are deemed to consist of (a) the Terms of Service, (b) this DPA, and (c) Customer's actual use of the Service.
Accwisely will inform Customer if, in its opinion, an instruction infringes the PDPA or other applicable law, but is not obliged to perform legal review of Customer's instructions.
3. Subject matter and scope
- Subject matter of processing: provision of the Service to Customer.
- Duration: for the term of Customer's account with Accwisely, plus any retention period set out in the Privacy Policy.
- Nature and purpose: processing of trial balance data and related information to generate draft financial statements.
- Categories of personal data: identifying information of End Clients' directors, officers, and employees as appearing in the trial balance and supporting input.
- Categories of data subjects: End Clients' directors, officers, employees, and where applicable shareholders.
4. Confidentiality
Accwisely ensures that personnel authorised to process Customer Personal Data are bound by confidentiality obligations and have received appropriate training.
5. Security
Accwisely maintains reasonable administrative, technical, and physical safeguards designed to protect Customer Personal Data against unauthorised or unlawful processing, accidental loss, destruction, damage, or alteration. These safeguards include access controls, encryption in transit, password hashing, and operational logging.
6. Sub-processors
Customer authorises Accwisely to engage Sub-processors for the provision of the Service. Current Sub-processors include the hosting and database provider Supabase Inc. and Cloudflare, Inc. (email forwarding via Email Routing). A current list of Sub-processors is available on request.
Accwisely will give Customer reasonable advance notice (where reasonably practicable, at least thirty (30) days) before engaging a new Sub-processor and will give Customer the opportunity to object on reasonable grounds. If Customer reasonably objects, the parties will work in good faith to find a solution; if no solution is found, Customer's sole remedy is to terminate the affected portion of the Service.
Accwisely remains liable for the acts and omissions of its Sub-processors as if they were its own.
7. Data subject rights
Accwisely will, taking into account the nature of the processing, provide reasonable assistance to Customer to enable Customer to respond to access, correction, and other requests from data subjects of End Clients. Accwisely will not respond directly to such requests unless legally required, but will redirect requests received directly to Customer where the requester can be identified as relating to a Customer account.
8. Data Breach notification
Accwisely will notify Customer without undue delay, and in any event within seventy-two (72) hours of becoming aware, of any Data Breach affecting Customer Personal Data. The notification will include, to the extent reasonably available, the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences, and the measures taken or proposed to address the breach.
9. Cross-border transfer
Customer Personal Data may be transferred to and processed in jurisdictions outside Singapore where Accwisely's Sub-processors are located. Accwisely takes reasonable steps to ensure that any such transfer is subject to enforceable obligations to provide a standard of protection comparable to the PDPA, in accordance with PDPA section 26.
10. Audit
Customer may, on reasonable prior notice and not more than once in any twelve-month period, request a summary of Accwisely's security and data protection controls for the purpose of verifying compliance with this DPA. Accwisely will respond with reasonable information including, where applicable, summaries of any independent third-party audit reports.
11. Return and deletion on termination
On termination of Customer's account, Accwisely will delete or return all Customer Personal Data within a reasonable period, save where retention is required by law. De-identified or aggregated data derived from Customer Personal Data may be retained.
12. Liability
Liability under this DPA is governed by the limitation-of-liability clause in the Terms of Service.