Skip to content

Legal

Data Processing Addendum

Last updated: May 13, 2026

Note for operators: Placeholder DPA. Replace with one drafted by counsel that maps to your actual sub-processor list and customer obligations (GDPR Article 28 SCCs as needed).

Roles

You are the data controller. WeBelieve is the data processor. We process customer data only on your documented instructions.

Sub-processors

Current sub-processors as of the date above:

  • Stripe — payment processing
  • Cloudflare — infrastructure (Pages, D1, Workers)
  • Resend — transactional email

We will notify you of new sub-processors in advance and allow a reasonable objection window.

Security

Encryption in transit (TLS 1.3) and at rest (AES-256). Audit log capability. Least-privilege access. Full security posture lives on the Security page.

Data subject requests

We assist you in responding to data subject requests at no additional cost.

Term and deletion

On termination, we delete or return customer data within 30 days unless retention is required by law.

To sign this DPA for your subscription, email hello@webelievesoftware.com.