Data Processing Agreement

For B2B customers · UK GDPR Article 28

Overview

When your organisation uses SiteSinc, you are the data controller and SiteSinc acts as your data processor for personal data uploaded to the platform, including Project Assistant (AI chat) processing.

Our Data Processing Agreement (DPA) sets out processor obligations under UK GDPR Article 28, including security measures, subprocessor controls, international transfer safeguards, breach notification, and assistance with data subject rights.

Key processor commitments

  • Process personal data only on your documented instructions
  • Ensure confidentiality of personnel with data access
  • Implement appropriate technical and organisational security measures
  • Engage subprocessors only under GDPR-compliant contracts (see our subprocessor register)
  • Assist with data subject access, erasure, and portability requests
  • Notify you of personal data breaches within 72 hours
  • Delete or return data within 30 days of account termination

AI processing

Project Assistant sends chat messages and retrieved project context to our AI subprocessors OpenAI (embeddings) and xAI (response generation) in the United States. Transfers are protected by UK IDTA / Standard Contractual Clauses. Project mailbox content indexed for AI search has sender details and inline email addresses redacted.

Optional personal Outlook mailbox integrations (when enabled by your organisation and connected by a user) store indexed email in SiteSinc for that user only. It may be used for private AI search and follow-up suggestions; thread excerpts may be sent to xAI for analysis. Users can disconnect and delete synced mailbox data at any time. OneDrive / SharePoint integrations process files a user explicitly attaches or imports; authentication uses Microsoft Graph under Microsoft's terms.

Request a signed DPA

Enterprise customers and organisations requiring a countersigned agreement should contact our Data Protection Officer. We will provide the full DPA template for review and execution.

Email: dpo@sitesinc.co.uk

SiteSinc — Construction Management Software for Drawings, RFIs & Site Logs