Naar hoofdinhoud
NederlandsEnglish

Data Processing Agreement (DPA)

This DPA forms part of the Beetle Terms and applies to the extent Beetle processes personal data on your behalf while providing the service (Article 28 GDPR). You act as controller; Beetle acts as processor. Questions: info@boschlogic.nl.

1. Subject matter and duration

Beetle processes personal data solely to provide the service: creating, sending, displaying and tracking proposals and the associated features (analytics, leads, integrations). Processing lasts for the duration of your account and ends on termination, after which data is deleted in accordance with section 7.

2. Nature, purpose and categories

Data subjects: your proposal recipients (prospects/clients) and your team members. Categories of personal data: name, company name, email address, billing address, acceptance signature, and proposal view statistics (time, duration, device type). No special categories of personal data are processed; you must not include such data in proposals.

3. Instructions

Beetle processes only on your documented instructions — your configuration and use of the service constitute those instructions — unless required otherwise by law, in which case we inform you beforehand unless the law prohibits it.

4. Confidentiality and security

Persons with access to personal data are bound by confidentiality. Beetle implements appropriate technical and organizational measures, including: encryption in transit (TLS) and of integration tokens (AES-256-GCM), password hashing (Argon2id), role-based access control with tenant isolation, audit logging with pseudonymized IP addresses, daily backups and a documented restore procedure that is periodically exercised.

5. Sub-processors

You grant general authorization for the following sub-processors. Beetle imposes equivalent obligations on them and remains responsible to you. We give prior notice of intended changes; you may object on reasonable grounds within 30 days.

Integrations you enable yourself (such as Moneybird or HubSpot) are governed by your own agreement with that provider; Beetle only transmits data there on your instruction.

6. Assistance and breach notification

Taking the nature of the processing into account, Beetle assists you with data-subject requests (access, rectification, erasure — the service includes self-service tooling for these, including data export and erasing or anonymizing client data) and with your security and notification obligations. We notify you of a personal-data breach without undue delay, with the information you need for a notification to your supervisory authority.

7. Deletion and return

On termination Beetle deletes the personal data unless a statutory retention duty applies. Before termination you can export your data using the in-service export. Retention periods for logs and statistics are described in the Privacy statement.

8. Audits

Beetle makes available the information reasonably necessary to demonstrate compliance with Article 28 GDPR and contributes to audits, at most once per year, at your expense and on reasonable notice, to the extent they do not affect the security of other customers.

9. Transfers outside the EEA

Processing takes place primarily within the EEA. Where a sub-processor processes data outside the EEA, this occurs under an adequacy decision or the European Commission's Standard Contractual Clauses.

Last updated: 2026-07-09