Legal

Data Privacy

This DPA governs how DataBridge Ops handles your data during and after a build engagement. It accompanies the Terms of Service and is effective from the date of build payment. Version 2.0 covers both DataBridge Ops products: the Ops Intelligence system (OpsIntel) and the ShiftLog — OT and Leave Filing. Where processing differs materially between products, each section states the applicable product explicitly.

Product Scope

Which Product This DPA Covers

DataBridge Ops currently offers two products. Each involves different infrastructure, different data categories, and different sub-processors. This DPA applies to both. The product you purchased determines which rows and clauses are operative for your engagement.

Product What it does Primary data processed
OpsIntel Automated reporting and on-demand query system for outsourced teams Aggregate operational metrics from the Client's spreadsheets (volumes, throughput, error rates). Not individually identifiable employee data unless present in source files.
ShiftLog — OT and Leave Filing Overtime and leave filing, approval, and computation system for shift-based teams Individual employee records: names, employee IDs, leave requests, overtime hours, computed pay figures. This is personal data within the meaning of applicable privacy law.
ShiftLog clients should read this DPA carefully. Processing individual employee overtime and pay data carries meaningfully higher obligations than processing aggregate team metrics. Clients in regulated jurisdictions (EU, UK, California) should have legal counsel review this DPA before proceeding.
Data Controller
The Client
The company or individual purchasing the DataBridge Ops build.
Data Processor
DataBridge Ops
Independent operation, Republic of the Philippines.
Contents
  1. -- Product Scope
  2. 01 Nature of Processing
  3. 02 Data Categories Processed
  4. 03 Sub-Processors
  5. 04 Data Retention and Deletion
  6. 05 Security Measures
  7. 06 Data Breach Notification
  8. 07 Client Obligations
  9. 08 International Data Transfers
  10. 09 Audit Rights
  11. 10 Term
Section 01

Nature of Processing

OpsIntel

DataBridge Ops accesses Client data for the following purposes only: reading operational metrics from specified Google Sheets or Excel files to configure and test the automation system; passing operational data through the n8n automation layer to generate reports and query responses; transmitting report outputs to the Client's specified Slack, Microsoft Teams, or Google Chat workspace, or email address; and processing plain-language queries through the Claude API to generate L3 intelligence responses.

DataBridge Ops does not process personal data of the Client's end customers under OpsIntel. The data processed consists of operational metrics: workflow volumes, headcount figures, processing speeds, error rates, and similar operational indicators.

ShiftLog — OT and Leave Filing

DataBridge Ops processes Client employee data for the following purposes only: storing and retrieving employee leave and overtime filing records submitted through the filing interface; running overtime, night differential, and holiday pay computations against those records using the configured jurisdiction ruleset; presenting filing and approval status to authorised managers; and generating payroll-ready export reports for Client use.

ShiftLog processes personal data. Employee names, overtime hours, leave types, approval records, and computed pay figures are individually identifiable personal data. DataBridge Ops acts as a Data Processor for this data. The Client remains the Data Controller and is responsible for ensuring it has lawful basis to collect, store, and process this data, and to share it with DataBridge Ops.
Section 02

Data Categories Processed

OpsIntel

Category Examples Basis
Operational metrics Volume processed, remaining work, error rates, throughput Contractual necessity
Team headcount data Active/inactive counts (not named individuals unless present in source data) Contractual necessity
Workflow configuration Workflow names, metric definitions, reporting structure Contractual necessity
Client contact info Name, work email, company name Contractual necessity
Note on named individuals (OpsIntel): If Client's source files contain named individuals alongside productivity metrics, DataBridge Ops processes this only as necessary to configure the System. DataBridge Ops recommends anonymising individual-level data where possible. If named individuals are EU residents, GDPR applies and Client is responsible for ensuring appropriate lawful basis for sharing this data with DataBridge Ops.

ShiftLog — OT and Leave Filing

Category Examples Basis
Employee identity data Full name, employee ID, department, role designation Contractual necessity
Leave filing records Leave type, dates requested, approval status, approver name Contractual necessity
Overtime filing records OT hours filed, shift date and time, reason for OT, approval status Contractual necessity
Computed pay figures OT premium amounts, night differential, holiday pay, total computed entitlement per period Contractual necessity
Shift and schedule data Shift start/end times, rest day assignments, applicable holiday calendar Contractual necessity
Client contact info Admin and manager names, work email addresses, company name Contractual necessity
ShiftLog processes sensitive employment data. Computed pay figures and leave records may constitute sensitive personal data under applicable law. The following apply:
  • Client is the Data Controller. DataBridge Ops is the Data Processor. Client must have a valid lawful basis (typically contractual necessity under the employment relationship) to process and share this data.
  • Client is responsible for notifying its employees that their overtime and leave data is processed through a third-party system (DataBridge Ops) for the purpose of filing, approval, and computation.
  • DataBridge Ops does not use employee data for any purpose other than operating the filing system for the Client that purchased it.
  • Employee data is never shared across clients. Standard tier isolation is enforced by database-level Row Level Security policies, not application logic alone.
Section 03

Sub-Processors

DataBridge Ops uses the following sub-processors. Client acknowledges and accepts their involvement by proceeding with the build. Only the sub-processors marked for your product apply to your engagement.

OpsIntel

Service Purpose Location
n8n (self-hosted) Automation layer. Runs on DataBridge Ops' VPS or Client's own infrastructure at handoff. No third-party data access. DataBridge Ops' VPS or Client-owned
Anthropic (Claude API) L3 query processing. Query inputs only, no persistent storage by DataBridge Ops. United States
Google LLC (Sheets API) Data source access, read-only United States
Salesforce (Slack API) Report delivery. Used if Client selects Slack. United States
Microsoft (Teams API) Report delivery. Used if Client selects Teams. United States
Google LLC (Chat API) Report delivery. Used if Client selects Google Chat. United States
VPS Provider Infrastructure hosting for n8n instance. Provider disclosed at build start. Varies by provider

ShiftLog — OT and Leave Filing

Service Purpose Location
Supabase (Postgres + Auth) Primary database and authentication layer. Stores employee filing records, OT computations, and approval records. Standard tier: shared project with Row Level Security isolation. Dedicated tier: Client's own isolated Supabase project. United States (AWS us-east-1 by default)
Cloudflare Pages / Workers Application hosting and delivery. Serves the filing interface and API layer. Does not store Client data. Global CDN (Cloudflare network)
Lemon Squeezy or Paddle Payment processing as Merchant of Record. Processes payment at purchase. Does not receive or store employee data. United States
Note on Standard vs Dedicated tier (ShiftLog): Standard tier clients share a Supabase project with other clients. Data isolation is enforced by Postgres Row Level Security policies at the database layer, which prevents any client from accessing another client's rows. Dedicated tier clients have their own Supabase project entirely, with no shared infrastructure at the database level. If your organisation requires contractual database-level isolation guarantees beyond what RLS provides, choose the Dedicated tier.

DataBridge Ops will notify Client of any new sub-processors added during the engagement, with a minimum of 14 days notice.

Section 04

Data Retention and Deletion

OpsIntel

Data Type Retention Notes
Client operational data Not stored, processed in real time only Never copied to DataBridge Ops storage
n8n workflow run logs 30 days Auto-purge configured in n8n
Claude API query inputs Not stored by DataBridge Ops Anthropic's retention policy applies
Client contact information Engagement + 90 days Deleted on request at any time
Build configuration files Until handoff confirmed Deleted within 30 days of handoff
Payment information Not stored by DataBridge Ops Handled by Lemon Squeezy or Paddle as Merchant of Record

ShiftLog — OT and Leave Filing

Data Type Retention Notes
Employee filing records (leave and OT) Active for the duration of the engagement Retained in Supabase while the system is in use. Client may export at any time via the built-in export function.
Computed pay figures Active for the duration of the engagement Stored alongside filing records. Retained to support payroll reconciliation. Payroll system remains the system of record.
Employee data after engagement ends Deleted within 30 days of engagement termination Client receives a final data export before deletion on request. DataBridge Ops initiates deletion on confirmation of engagement end.
Client admin and manager accounts Engagement + 30 days Supabase Auth records deleted. Deleted on request at any time.
Build configuration and jurisdiction ruleset Duration of engagement Deleted or transferred at handoff per Client's instruction.
Payment information Not stored by DataBridge Ops Handled by Lemon Squeezy or Paddle as Merchant of Record
Note on statutory record retention (ShiftLog): Philippine labor law (DOLE) requires employers to retain payroll and time records for a minimum of three years. DataBridge Ops' system assists filing and computation; the Client is responsible for maintaining its own records per statutory requirements. DataBridge Ops recommends exporting records periodically and retaining them in the Client's own systems, not relying solely on DataBridge Ops' storage for statutory compliance purposes.

DataBridge Ops will process verified deletion requests within 10 business days.

Section 05

Security Measures

Technical measures applied to all builds:

HTTPS-only access to all DataBridge Ops-managed infrastructure · API credentials and secrets stored as environment variables, never hardcoded · Access credentials revoked on engagement end · Security checklist completed and stored per build.

Additional measures — OpsIntel:

Read-only API access to Client data sources by default · Authentication required on all n8n instances · VPS OS security patches applied regularly · Workflow run logs purged after 30 days · All data access documented in Client's Notion portal before build begins.

Additional measures — ShiftLog:

Row Level Security (RLS) enforced at the Postgres database layer on all tables holding Client employee data, scoped by company identifier · Standard tier: RLS policies prevent any authenticated user from accessing rows belonging to a different company at the database level, independent of application logic · Dedicated tier: Client data resides in an entirely separate Supabase project with no shared database infrastructure · Supabase Auth used for all employee and manager authentication; passwords are never stored by DataBridge Ops directly · Employee role separation (employee vs. manager permissions) enforced at both application and database policy levels · Employee data accessible only to authenticated users within the same Client organisation.

Organisational measures (all products):

Data access scoped to minimum required · Security checklist completed per build · Access credentials revoked on engagement end.

Section 06

Data Breach Notification

In the event DataBridge Ops identifies or suspects a data breach affecting Client data, DataBridge Ops will notify Client via email within 24 hours of identification, provide a written incident summary covering the nature of the breach, data categories affected, likely consequences, and measures taken, and cooperate with Client in any required notifications to supervisory authorities or data subjects.

Section 07

Client Obligations as Data Controller

All Clients are responsible for: ensuring they have lawful basis to share data with DataBridge Ops; informing DataBridge Ops if any data source contains personal data of EU residents, California residents, or other specially protected categories; notifying DataBridge Ops immediately if they become aware of any security incident affecting systems connected to the DataBridge Ops build; and ensuring their own use of the System's outputs complies with applicable law.

Additional obligations — ShiftLog Clients:

ShiftLog Clients additionally are responsible for: notifying employees whose data will be processed through the DataBridge Ops ShiftLog system, including the fact that overtime records, leave filings, and computed pay figures are stored in a third-party system operated by DataBridge Ops; ensuring that the processing of employee data through DataBridge Ops complies with the Client's obligations under applicable employment law, including the Philippine Labor Code where applicable; not uploading special categories of personal data (health conditions, disciplinary records, union membership) into the filing system unless separately agreed in writing; ensuring managers who are granted approval access are authorised to view the employee records accessible to them under their role; and notifying DataBridge Ops promptly when an employee's access should be revoked (e.g. upon resignation or role change).

Section 08

International Data Transfers

DataBridge Ops is based in the Philippines.

OpsIntel: Anthropic, Google, Microsoft, and Salesforce (Slack) process data in the United States.

ShiftLog: Supabase stores data in the United States (AWS us-east-1 by default). Cloudflare's network is global. Lemon Squeezy and Paddle process payments in the United States. Employee personal data submitted through the filing interface transits to and is stored in the United States via Supabase.

By proceeding with the build, Client acknowledges these transfers and confirms they have assessed the transfer mechanisms applicable to their situation. For UK and EU Clients: DataBridge Ops relies on the legitimate interest basis for B2B processing and will execute Standard Contractual Clauses (SCCs) upon Client request. For ShiftLog UK and EU Clients processing employee data: SCCs are recommended given the nature of the data and Client should request these before go-live.

Section 09

Audit Rights

Client may request confirmation of DataBridge Ops' compliance with this DPA by emailing build@databridgeops.com. DataBridge Ops will respond within 10 business days with documentation of current security measures. On-site audits are not available given the remote nature of the engagement.

Section 10

Term

This DPA is effective from the date of build payment and remains in effect until all Client data has been deleted per Section 04, or until replaced by a superseding DPA agreed by both parties.

This DPA is provided in good faith for a lean B2B services operation. It is not a substitute for legal advice. ShiftLog Clients processing individual employee overtime and pay data should treat this DPA as a starting point, not a complete compliance solution. Clients in regulated jurisdictions (GDPR, HIPAA, Philippine Data Privacy Act, California CCPA) should have their legal counsel review this DPA before proceeding.

Data protection queries

build@databridgeops.com

Response within 2 business days · No calls