Last updated: April 25, 2026
This Data Processing Agreement ("DPA") forms part of the Terms of Service between SendGlance ("Processor") and the customer ("Controller") and applies where SendGlance processes personal data on the Controller's behalf under GDPR.
"Personal Data", "Processing", "Data Subject", "Controller", and "Processor" have the meanings given in the GDPR (Regulation (EU) 2016/679).
SendGlance processes personal data (subscriber emails, push tokens, device identifiers) solely to provide the wallet-pass notification service described in the Terms of Service.
The Controller warrants that it has a lawful basis for providing subscriber personal data to SendGlance, has given appropriate privacy notices to data subjects, and is authorised to instruct SendGlance to process the data.
SendGlance shall: (a) process data only on documented instructions from the Controller; (b) ensure persons authorised to process data are bound by confidentiality; (c) implement appropriate technical and organisational security measures; (d) assist the Controller in responding to data subject requests; (e) delete or return all personal data upon termination.
Current sub-processors: Supabase Inc. (database), Vercel Inc. (hosting), Stripe Inc. (payments). SendGlance will provide 30 days notice of changes to this list.
Where personal data is transferred outside the EEA, SendGlance relies on Standard Contractual Clauses (SCCs) approved by the European Commission.
SendGlance will notify the Controller without undue delay (and within 72 hours where feasible) after becoming aware of a personal data breach.
SendGlance will provide information reasonably necessary to demonstrate compliance and allow for audits, conducted at the Controller's expense with reasonable notice.
DPA requests: hello@sendglance.com