Privacy Policy

1. Roles

For data inside a tenant (payment requests, approval records, user profiles), the customer organization is the data controller and DPAS acts as a data processor. For data we collect directly — such as a demo request submitted on this website — DPAS is the controller.

2. Data we handle

Within the application: user account details (name, email, role), payment-request content entered by users, approval decisions, attached documents, and audit-log entries.

From this website: the name, work email, organization, and message you submit when requesting a demo or contacting sales, plus standard server logs.

3. Why we process it

Application data is processed solely to provide the service to the customer organization. Website contact data is processed to respond to your enquiry and arrange a demo. We do not sell personal data.

4. Subprocessors

We rely on a small set of infrastructure providers to operate the service. The current list is published on the Data Processing Agreement page and is kept up to date.

5. Retention

Application data is retained for the life of the customer's subscription and as instructed by the customer. Website enquiry data is retained only as long as needed to handle the enquiry and any resulting relationship.

6. Your rights

Individuals have rights of access, correction, and erasure regarding their personal data, subject to applicable law. For application data, please contact the customer organization that controls it; we support that organization with a data-erasure path. For website data we hold directly, contact our privacy address.

7. Security

We apply tenant isolation, hardened access rules, encrypted transport, and audit logging. See the Security page for the full posture.

8. Contact and changes

Questions about this policy can be sent to our privacy address. We may update this policy; material changes will be communicated and the effective date above will change.

Current subprocessors