GDPR Compliance

Helptal is built to be used by EU, EEA, UK, and Swiss businesses and addresses the General Data Protection Regulation (GDPR) and equivalent UK and Swiss laws. This page is a short pointer to the documents and facts EU buyers most often need; the binding legal text lives in our Privacy Policy and Data Processing Addendum (DPA). If anything here conflicts with the Privacy Policy or the DPA, the Privacy Policy and DPA govern.

When you use Helptal to support your customers, your business is the controller of the personal data of those end users and Helptal is the processor — we process that data only on your written instructions, set out in the DPA. For data we hold about you as a Helptal account holder (your name, your agents’ emails, your billing information, your account activity), Helptal is the controller, and the legal bases for that processing are described in Section 3 of the Privacy Policy.

Data Processing Addendum (DPA). Incorporates the EU Standard Contractual Clauses (2021) Module 2, the UK International Data Transfer Addendum, and the Swiss adequacy provisions. Lists active sub-processors, categories of data, technical and organisational measures, breach-notification commitments, and assistance with data-subject requests. Request it at [email protected] from the address on file.

Sub-processor list. Published at helptal.com/subprocessors. Thirty (30) days’ advance notice before adding or replacing a sub-processor that processes Workspace content, with a right to terminate if you reasonably object.

Where Workspace content is stored. Singapore. Some sub-processors process specific flows in the United States (edge networking, email delivery, AI inference when enabled). See the sub-processor list and Section 5 of the Privacy Policy.

Transfer mechanisms. Transfers of EU, EEA, UK, or Swiss personal data outside the relevant region are covered by SCCs / UK IDTA / Swiss provisions, supplemented by encryption in transit and at rest, multi-tenant isolation, least-privilege access, and a commitment to challenge over-broad lawful-access requests.

Data-subject rights. Access, rectification, erasure, restriction, objection, portability, and the right to withdraw consent are handled within thirty (30) days. Section 8 of the Privacy Policy has the full process; requests for data we hold as controller go to [email protected]. Where personal data sits inside your workspace, you remain the controller and we assist you in responding.

Breach notification. We notify affected business customers without undue delay and in any case within seventy-two (72) hours of confirmation of a personal-data breach, and assist with your own Article 33 / 34 obligations.

AI features in Helptal are opt-in at the workspace level by an administrator. We do not use Workspace content to train AI models, and our AI sub-processors are contractually prohibited from training their own models on data we route to them. Named providers and what each does are listed on the sub-processor list.

General privacy enquiries and DPA requests: [email protected]
Security incidents and vulnerability disclosure: [email protected]
Legal notices: [email protected]

Evith LLC — 30 N Gould St, Ste R, Sheridan, WY 82801, USA

EU and UK residents may lodge a complaint with their local data-protection supervisory authority.