This DPA governs how DataBridge Ops handles your data during and after a build engagement. It accompanies the Terms of Service and is effective from the date of build payment. Version 2.0 covers both DataBridge Ops products: the Ops Intelligence system (OpsIntel) and the ShiftLog — OT and Leave Filing. Where processing differs materially between products, each section states the applicable product explicitly.
DataBridge Ops currently offers two products. Each involves different infrastructure, different data categories, and different sub-processors. This DPA applies to both. The product you purchased determines which rows and clauses are operative for your engagement.
| Product | What it does | Primary data processed |
|---|---|---|
| OpsIntel | Automated reporting and on-demand query system for outsourced teams | Aggregate operational metrics from the Client's spreadsheets (volumes, throughput, error rates). Not individually identifiable employee data unless present in source files. |
| ShiftLog — OT and Leave Filing | Overtime and leave filing, approval, and computation system for shift-based teams | Individual employee records: names, employee IDs, leave requests, overtime hours, computed pay figures. This is personal data within the meaning of applicable privacy law. |
OpsIntel
DataBridge Ops accesses Client data for the following purposes only: reading operational metrics from specified Google Sheets or Excel files to configure and test the automation system; passing operational data through the n8n automation layer to generate reports and query responses; transmitting report outputs to the Client's specified Slack, Microsoft Teams, or Google Chat workspace, or email address; and processing plain-language queries through the Claude API to generate L3 intelligence responses.
ShiftLog — OT and Leave Filing
DataBridge Ops processes Client employee data for the following purposes only: storing and retrieving employee leave and overtime filing records submitted through the filing interface; running overtime, night differential, and holiday pay computations against those records using the configured jurisdiction ruleset; presenting filing and approval status to authorised managers; and generating payroll-ready export reports for Client use.
OpsIntel
| Category | Examples | Basis |
|---|---|---|
| Operational metrics | Volume processed, remaining work, error rates, throughput | Contractual necessity |
| Team headcount data | Active/inactive counts (not named individuals unless present in source data) | Contractual necessity |
| Workflow configuration | Workflow names, metric definitions, reporting structure | Contractual necessity |
| Client contact info | Name, work email, company name | Contractual necessity |
ShiftLog — OT and Leave Filing
| Category | Examples | Basis |
|---|---|---|
| Employee identity data | Full name, employee ID, department, role designation | Contractual necessity |
| Leave filing records | Leave type, dates requested, approval status, approver name | Contractual necessity |
| Overtime filing records | OT hours filed, shift date and time, reason for OT, approval status | Contractual necessity |
| Computed pay figures | OT premium amounts, night differential, holiday pay, total computed entitlement per period | Contractual necessity |
| Shift and schedule data | Shift start/end times, rest day assignments, applicable holiday calendar | Contractual necessity |
| Client contact info | Admin and manager names, work email addresses, company name | Contractual necessity |
DataBridge Ops uses the following sub-processors. Client acknowledges and accepts their involvement by proceeding with the build. Only the sub-processors marked for your product apply to your engagement.
OpsIntel
| Service | Purpose | Location |
|---|---|---|
| n8n (self-hosted) | Automation layer. Runs on DataBridge Ops' VPS or Client's own infrastructure at handoff. No third-party data access. | DataBridge Ops' VPS or Client-owned |
| Anthropic (Claude API) | L3 query processing. Query inputs only, no persistent storage by DataBridge Ops. | United States |
| Google LLC (Sheets API) | Data source access, read-only | United States |
| Salesforce (Slack API) | Report delivery. Used if Client selects Slack. | United States |
| Microsoft (Teams API) | Report delivery. Used if Client selects Teams. | United States |
| Google LLC (Chat API) | Report delivery. Used if Client selects Google Chat. | United States |
| VPS Provider | Infrastructure hosting for n8n instance. Provider disclosed at build start. | Varies by provider |
ShiftLog — OT and Leave Filing
| Service | Purpose | Location |
|---|---|---|
| Supabase (Postgres + Auth) | Primary database and authentication layer. Stores employee filing records, OT computations, and approval records. Standard tier: shared project with Row Level Security isolation. Dedicated tier: Client's own isolated Supabase project. | United States (AWS us-east-1 by default) |
| Cloudflare Pages / Workers | Application hosting and delivery. Serves the filing interface and API layer. Does not store Client data. | Global CDN (Cloudflare network) |
| Lemon Squeezy or Paddle | Payment processing as Merchant of Record. Processes payment at purchase. Does not receive or store employee data. | United States |
DataBridge Ops will notify Client of any new sub-processors added during the engagement, with a minimum of 14 days notice.
OpsIntel
| Data Type | Retention | Notes |
|---|---|---|
| Client operational data | Not stored, processed in real time only | Never copied to DataBridge Ops storage |
| n8n workflow run logs | 30 days | Auto-purge configured in n8n |
| Claude API query inputs | Not stored by DataBridge Ops | Anthropic's retention policy applies |
| Client contact information | Engagement + 90 days | Deleted on request at any time |
| Build configuration files | Until handoff confirmed | Deleted within 30 days of handoff |
| Payment information | Not stored by DataBridge Ops | Handled by Lemon Squeezy or Paddle as Merchant of Record |
ShiftLog — OT and Leave Filing
| Data Type | Retention | Notes |
|---|---|---|
| Employee filing records (leave and OT) | Active for the duration of the engagement | Retained in Supabase while the system is in use. Client may export at any time via the built-in export function. |
| Computed pay figures | Active for the duration of the engagement | Stored alongside filing records. Retained to support payroll reconciliation. Payroll system remains the system of record. |
| Employee data after engagement ends | Deleted within 30 days of engagement termination | Client receives a final data export before deletion on request. DataBridge Ops initiates deletion on confirmation of engagement end. |
| Client admin and manager accounts | Engagement + 30 days | Supabase Auth records deleted. Deleted on request at any time. |
| Build configuration and jurisdiction ruleset | Duration of engagement | Deleted or transferred at handoff per Client's instruction. |
| Payment information | Not stored by DataBridge Ops | Handled by Lemon Squeezy or Paddle as Merchant of Record |
DataBridge Ops will process verified deletion requests within 10 business days.
Technical measures applied to all builds:
HTTPS-only access to all DataBridge Ops-managed infrastructure · API credentials and secrets stored as environment variables, never hardcoded · Access credentials revoked on engagement end · Security checklist completed and stored per build.
Additional measures — OpsIntel:
Read-only API access to Client data sources by default · Authentication required on all n8n instances · VPS OS security patches applied regularly · Workflow run logs purged after 30 days · All data access documented in Client's Notion portal before build begins.
Additional measures — ShiftLog:
Row Level Security (RLS) enforced at the Postgres database layer on all tables holding Client employee data, scoped by company identifier · Standard tier: RLS policies prevent any authenticated user from accessing rows belonging to a different company at the database level, independent of application logic · Dedicated tier: Client data resides in an entirely separate Supabase project with no shared database infrastructure · Supabase Auth used for all employee and manager authentication; passwords are never stored by DataBridge Ops directly · Employee role separation (employee vs. manager permissions) enforced at both application and database policy levels · Employee data accessible only to authenticated users within the same Client organisation.
Organisational measures (all products):
Data access scoped to minimum required · Security checklist completed per build · Access credentials revoked on engagement end.
In the event DataBridge Ops identifies or suspects a data breach affecting Client data, DataBridge Ops will notify Client via email within 24 hours of identification, provide a written incident summary covering the nature of the breach, data categories affected, likely consequences, and measures taken, and cooperate with Client in any required notifications to supervisory authorities or data subjects.
All Clients are responsible for: ensuring they have lawful basis to share data with DataBridge Ops; informing DataBridge Ops if any data source contains personal data of EU residents, California residents, or other specially protected categories; notifying DataBridge Ops immediately if they become aware of any security incident affecting systems connected to the DataBridge Ops build; and ensuring their own use of the System's outputs complies with applicable law.
Additional obligations — ShiftLog Clients:
ShiftLog Clients additionally are responsible for: notifying employees whose data will be processed through the DataBridge Ops ShiftLog system, including the fact that overtime records, leave filings, and computed pay figures are stored in a third-party system operated by DataBridge Ops; ensuring that the processing of employee data through DataBridge Ops complies with the Client's obligations under applicable employment law, including the Philippine Labor Code where applicable; not uploading special categories of personal data (health conditions, disciplinary records, union membership) into the filing system unless separately agreed in writing; ensuring managers who are granted approval access are authorised to view the employee records accessible to them under their role; and notifying DataBridge Ops promptly when an employee's access should be revoked (e.g. upon resignation or role change).
DataBridge Ops is based in the Philippines.
OpsIntel: Anthropic, Google, Microsoft, and Salesforce (Slack) process data in the United States.
ShiftLog: Supabase stores data in the United States (AWS us-east-1 by default). Cloudflare's network is global. Lemon Squeezy and Paddle process payments in the United States. Employee personal data submitted through the filing interface transits to and is stored in the United States via Supabase.
By proceeding with the build, Client acknowledges these transfers and confirms they have assessed the transfer mechanisms applicable to their situation. For UK and EU Clients: DataBridge Ops relies on the legitimate interest basis for B2B processing and will execute Standard Contractual Clauses (SCCs) upon Client request. For ShiftLog UK and EU Clients processing employee data: SCCs are recommended given the nature of the data and Client should request these before go-live.
Client may request confirmation of DataBridge Ops' compliance with this DPA by emailing build@databridgeops.com. DataBridge Ops will respond within 10 business days with documentation of current security measures. On-site audits are not available given the remote nature of the engagement.
This DPA is effective from the date of build payment and remains in effect until all Client data has been deleted per Section 04, or until replaced by a superseding DPA agreed by both parties.