QuickHitchQuickHitch
Sign inStart free trial
Trust center

Data Processing Addendum

Last updated May 2026
This Data Processing Addendum forms part of the Terms of Service when you process personal data through QuickHitch and are subject to applicable data protection law, including the EU General Data Protection Regulation, the UK GDPR, and the California Consumer Privacy Act. This is an interim version and will be updated after legal review prior to general availability.

Roles

You are the data controller of any personal data you upload to QuickHitch. QuickHitch acts as the data processor and processes personal data only on your documented instructions, which include the configuration choices you make in the product.

Scope

This DPA applies to personal data that you, as controller, provide to QuickHitch when using the service. Categories of data may include customer names and contact details on invoices and AR aging reports, vendor names on AP reports, and employee names if you upload payroll documents.

Subprocessors

You authorize QuickHitch to use the subprocessors listed in our privacy policy to provide the service. We bind each subprocessor to data protection obligations no less protective than this DPA. We will notify customers of material subprocessor changes with at least 30 days advance notice.

Security measures

QuickHitch maintains the technical and organizational measures described in our security page, including encryption in transit and at rest, tenant isolation, and least-privilege access controls.

International transfers

Customer data is processed in the United States. For transfers of EU or UK personal data to the United States, QuickHitch relies on the EU and UK Standard Contractual Clauses, incorporated by reference into this DPA.

Data subject requests

QuickHitch will reasonably assist you in responding to data subject requests (access, correction, deletion, portability, objection). Requests addressed directly to QuickHitch will be forwarded to you without undue delay.

Breach notification

QuickHitch will notify you without undue delay, and in any event within 72 hours of becoming aware of a personal data breach affecting your data, with the information then available and a plan for remediation.

Audit

Upon reasonable request and subject to confidentiality, QuickHitch will provide information necessary to demonstrate compliance with this DPA, including third-party audit reports when available.

Termination

On termination of the service, QuickHitch will, at your direction, delete or return all personal data within 30 days, unless retention is required by applicable law.

Signing the DPA

A countersigned copy of the DPA is available on request. Email legal@quickhitch.app.