Privacy & GDPR

Data Processing Addendum

Processing terms that apply when JWaves handles personal data on behalf of a customer.

JWAVES Data Processing Addendum

Effective Date: March 24, 2026

This Data Processing Addendum ("DPA") forms part of the JWAVES Terms of Service. It applies when JWaves processes personal data on behalf of a customer in connection with the Services.

1. Roles

For the processing covered by this DPA:

  • the customer acts as controller, or as processor on behalf of its own customer, and
  • JWaves acts as processor, or sub-processor where the customer is itself a processor.

The customer is responsible for ensuring that it has authority to instruct JWaves and that personal data is lawfully disclosed to JWaves.

2. Scope and purpose of processing

JWaves processes personal data only to:

  • provide and operate the Services,
  • secure, maintain, and support the Services,
  • manage billing and account administration, and
  • prevent abuse and unlawful use.

JWaves will process personal data only on documented instructions from the customer, unless required to do otherwise by applicable law.

3. Confidentiality

JWaves ensures that personnel authorized to process personal data are subject to confidentiality obligations.

4. Security measures

JWaves implements technical and organizational measures appropriate to the nature of the processing and the risks involved. These measures include, as appropriate:

  • access controls,
  • credential protection,
  • encrypted transport,
  • logging and security monitoring,
  • backup and recovery measures, and
  • role-based administrative access.

5. Assistance

Taking into account the nature of the processing, JWaves will provide reasonable assistance to help the customer:

  • respond to data subject requests,
  • investigate and manage personal-data incidents,
  • perform data-protection impact assessments where required, and
  • address regulator inquiries that relate directly to JWaves's processing of customer personal data.

6. Personal data breaches

JWaves will notify the customer without undue delay after becoming aware of a personal data breach affecting customer personal data and will provide available information reasonably necessary to support the customer's response obligations.

7. Sub-processors

JWaves may use sub-processors to operate the Services, such as infrastructure, hosting, email, or support providers.

JWaves will impose data-protection obligations on sub-processors that are materially consistent with this DPA.

JWaves will maintain a current sub-processor list and will make it available on request until a public sub-processor page is published.

8. International transfers

Customer personal data may be processed in the jurisdictions where JWaves or its sub-processors operate.

Where personal data is transferred outside the EEA, UK, or Switzerland without an applicable adequacy decision, JWaves will use appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.

9. Data subject requests

If JWaves receives a data subject request directly relating to customer personal data, JWaves may:

  • direct the requester to the customer where appropriate, and
  • notify the customer, unless prohibited by law.

The customer remains responsible for responding to data subject requests unless applicable law requires JWaves to respond directly.

10. Deletion and return

Upon termination of the Services, JWaves will delete or return customer personal data within the ordinary retention and deletion processes of the service, except where retention is required by law, necessary for security records, or retained in routine backups for a limited period.

11. Audit information

JWaves will make available information reasonably necessary to demonstrate compliance with this DPA.

Any audit or review must be reasonable, proportionate, and structured to avoid unnecessary disruption, duplication, or exposure of other customers' confidential information.

12. Liability and precedence

Liability under this DPA is subject to the liability framework set out in the Terms or the applicable enterprise order, to the extent permitted by law.

If there is a conflict between this DPA and the Terms with respect to data-processing obligations, this DPA controls for those matters.

Annex 1 — Processing details

Subject matter

Provision of predictive DECT and Wi-Fi planning services, reporting, and optional site-survey tooling.

Duration

For the applicable subscription term, plus any limited retention period required for export, recovery, security, billing, or legal compliance.

Nature of processing

Hosting, storage, organization, display, export, deletion, troubleshooting, and support access as needed to operate the Services.

Purpose

Providing the Services, securing the Services, supporting customers, administering subscriptions, and preventing abuse.

Categories of data subjects

Typical categories may include:

  • customer administrators,
  • authorized users,
  • personnel whose names or roles appear in uploaded project materials, and
  • persons whose identifiers are included by the customer in notes or annotations.

Categories of personal data

Typical categories may include:

  • name,
  • business email address,
  • organization and role,
  • authentication and usage logs,
  • IP addresses,
  • site metadata,
  • annotations or project notes that may contain personal data if uploaded by the customer.