Last Updated: 6th March 2026
Effective Date: 1st January 2026
Introduction
This Data Processing Addendum (“DPA”) forms part of the SaaSi Hub Terms and Conditions between SaaSi Hub LLC (“SaaSi Hub”) and the organisation using the SaaSi Hub platform (“Customer”).
This DPA applies where SaaSi Hub processes personal data on behalf of the Customer in connection with the provision of the SaaSi Hub platform and related services.
By using the SaaSi Hub platform, the Customer agrees to the processing of personal data in accordance with this DPA.
This DPA is incorporated into and governed by the SaaSi Hub Terms and Conditions.
The parties agree that this DPA governs the processing of personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (EU GDPR), the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection legislation.
In the event of any conflict between this Data Processing Addendum and the SaaSi Hub Terms and Conditions, the provisions of this DPA shall prevail with respect to the processing of personal data.
1. Definitions
For the purposes of this DPA:
Controller means the entity that determines the purposes and means of processing personal data.
Processor means an entity that processes personal data on behalf of the Controller.
Personal Data means any information relating to an identified or identifiable natural person.
Processing means any operation performed on personal data, including collection, storage, retrieval, analysis, or deletion.
Subprocessor means any third party engaged by SaaSi Hub to process personal data on behalf of the Customer.
Data Protection Laws means all applicable privacy and data protection laws including GDPR and UK GDPR.
2. Scope of Processing
SaaSi Hub provides a software platform that helps organisations monitor and manage SaaS subscriptions, licence usage, and employee offboarding processes.
In providing the platform, SaaSi Hub may process personal data supplied by or on behalf of the Customer.
Processing activities may include:
- Identifying active SaaS licences associated with employees
- Analysing licence usage data
- Generating cost analytics and reporting insights
- Identifying licences linked to terminated employees
- Supporting access management and offboarding workflows
Processing occurs solely for the purpose of providing the SaaSi Hub platform and related services.
Summary of Processing Activities
| Item | Description |
| Subject Matter | Provision of the SaaSi Hub platform for monitoring and managing SaaS subscriptions, licence usage, and employee offboarding workflows. |
| Nature of Processing | Collection, analysis, and reporting of SaaS licence and account metadata obtained through customer configured integrations. |
| Purpose of Processing | To provide the SaaSi Hub platform, including licence monitoring, analytics, reporting, and offboarding management. |
| Categories of Personal Data | Employee names, company email addresses, employment status, licence allocation data, SaaS usage metadata, login activity information. |
| Categories of Data Subjects | Employees, administrators, authorised users of the Customer organisation. |
| Duration of Processing | For the duration of the Customer’s use of the SaaSi Hub platform and any applicable retention period described in the Privacy Policy. |
3. Platform Processing Scope
The Customer acknowledges that SaaSi Hub processes personal data solely as required to operate the SaaSi Hub platform and provide the services described in the SaaSi Hub Terms and Conditions, Privacy Policy, and related documentation.
Processing activities are limited to those necessary for the operation of the platform, including SaaS subscription monitoring, licence analytics, reporting, and integration based data synchronisation.
SaaSi Hub does not process personal data for purposes other than those necessary to deliver the SaaSi Hub service, except where required by applicable law.
The Customer agrees that the functionality of the platform and the processing activities described in this DPA constitute the Customer’s complete instructions for processing personal data, unless otherwise agreed in writing.
4. Roles of the Parties
For the purposes of applicable data protection laws:
- The Customer acts as the Data Controller
- SaaSi Hub acts as the Data Processor
The Customer determines the purposes and lawful basis for processing personal data within the platform.
SaaSi Hub processes personal data only in accordance with the Customer’s documented instructions and this DPA.
Where a Customer uses SaaSi Hub through a Managed Service Provider (MSP) or other authorised third party administrator, the Customer remains the Data Controller and the MSP acts on behalf of the Customer.
5. Processing Instructions
SaaSi Hub will process personal data only in accordance with:
- The Customer’s documented instructions
- The SaaSi Hub Terms and Conditions
- This Data Processing Addendum
The Customer instructs SaaSi Hub to process personal data for the purposes of providing the SaaSi Hub platform, including licence monitoring, SaaS analytics, reporting, and offboarding management.
If SaaSi Hub believes that any instruction from the Customer infringes applicable data protection laws, SaaSi Hub will inform the Customer where reasonably possible.
6. Types of Personal Data Processed
Depending on the integrations connected by the Customer, the following categories of personal data may be processed:
- Employee names
- Company email addresses
- Employment status (active or terminated)
- Licence allocation data
- SaaS usage metadata
- Login activity information
- Organisational account information
SaaSi Hub does not access or store the contents of emails, documents, or communications within connected SaaS applications.
7. Categories of Data Subjects
Personal data processed may relate to:
- Employees of the Customer organisation
- Administrators of the Customer organisation
- Authorised users of the SaaSi Hub platform
- Customer contacts interacting with SaaSi Hub services
8. Customer Responsibilities
The Customer agrees that:
- It has a lawful basis to collect and process personal data submitted to SaaSi Hub
- It has provided appropriate privacy notices to relevant data subjects
- It has obtained any necessary permissions required for SaaSi Hub to process the data
The Customer remains responsible for:
- Determining the purposes of processing
- Configuring integrations connected to the platform
- Managing access permissions for authorised users
9. Customer Data Accuracy and Lawful Source
The Customer is responsible for ensuring that any personal data provided to SaaSi Hub, whether directly or through integrations with third party systems, has been collected and processed in accordance with applicable data protection laws.
The Customer represents and warrants that:
- It has a lawful basis for processing the personal data submitted to the SaaSi Hub platform
- It has provided appropriate privacy notices to relevant data subjects
- It has obtained any necessary permissions required to connect third party systems or integrations
SaaSi Hub does not independently verify the accuracy, legality, or completeness of personal data provided by the Customer or imported through connected services.
The Customer remains responsible for ensuring that the personal data processed through the SaaSi Hub platform is accurate, lawful, and necessary for the intended purposes.
10. Integration Data and Third Party Systems
The SaaSi Hub platform may allow Customers to connect third party software systems and integrations in order to retrieve information required for platform functionality.
Customers are solely responsible for:
- Configuring and authorising integrations connected to the SaaSi Hub platform
- Ensuring that such integrations are configured in accordance with their organisation’s internal policies and applicable data protection laws
- Verifying the accuracy and appropriateness of any data retrieved from connected third party systems
SaaSi Hub does not control the operation, security, or data processing practices of third party services connected by the Customer.
SaaSi Hub shall not be responsible for the accuracy, availability, or legality of data retrieved from third party systems connected by the Customer.
11. Security Measures
SaaSi Hub implements appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
Security measures may include, but are not limited to:
- Encrypted data transmission using TLS protocols
- Encryption of sensitive data at rest
- Restricted internal access controls
- Infrastructure hosted on secure cloud environments
- Regular vulnerability monitoring and patch management
Details of SaaSi Hub security practices may be described further within the Security & Trust section of the SaaSi Hub website.
12. Confidentiality of Processing
SaaSi Hub ensures that any personnel authorised to process personal data are subject to appropriate confidentiality obligations.
Access to personal data is restricted to personnel who require such access in order to perform their job responsibilities related to the operation, maintenance, or support of the SaaSi Hub platform.
All personnel with access to personal data are trained on appropriate data protection and security practices.
13. Subprocessors
SaaSi Hub may engage trusted third party service providers to assist in delivering the platform.
These providers act as subprocessors and may process personal data on behalf of SaaSi Hub.
A current list of SaaSi Hub subprocessors is available at: https://www.saasihub.com/subprocessors
SaaSi Hub ensures that all subprocessors are bound by contractual obligations requiring appropriate data protection and security measures consistent with this DPA.
SaaSi Hub may update its subprocessors from time to time. The current list of subprocessors will be maintained on the SaaSi Hub website.
14. International Data Transfers
SaaSi Hub may process personal data in countries outside the European Economic Area or the United Kingdom.
Where such transfers occur, SaaSi Hub ensures that appropriate safeguards are implemented in accordance with applicable data protection laws.
Such safeguards may include:
- Standard Contractual Clauses approved by the European Commission
- Equivalent international transfer mechanisms recognised under UK GDPR
15. Data Subject Rights
SaaSi Hub will assist the Customer, where reasonably possible, in responding to requests from data subjects exercising their rights under applicable data protection laws.
These rights may include:
- Access to personal data
- Correction of inaccurate data
- Deletion of personal data
- Restriction of processing
- Data portability
Requests relating to personal data should normally be directed to the Customer, who acts as the Data Controller.
If SaaSi Hub receives a request directly from a data subject relating to personal data processed on behalf of a Customer, SaaSi Hub will, where appropriate, direct the data subject to contact the relevant Customer or notify the Customer of the request.
16. Assistance With Compliance
Taking into account the nature of processing and the information available to SaaSi Hub, SaaSi Hub will provide reasonable assistance to the Customer in meeting the Customer’s obligations under applicable data protection laws.
This may include assistance relating to:
- Responding to data subject requests
- Conducting data protection impact assessments (DPIAs)
- Cooperating with supervisory authorities where required
Such assistance will be provided to the extent reasonably possible and appropriate to the services provided.
17. Data Breach Notification
In the event of a personal data breach affecting Customer data, SaaSi Hub will notify the Customer without undue delay after becoming aware of the breach and in accordance with applicable data protection laws.
Such notification will include information reasonably necessary for the Customer to fulfil any legal obligations relating to breach reporting.
18. Data Retention and Deletion
SaaSi Hub will retain personal data only for as long as necessary to provide the platform and fulfil contractual or legal obligations.
Upon termination or expiry of the Customer’s subscription:
- The Customer may export relevant data from the platform
- SaaSi Hub will delete or anonymise Customer personal data within a reasonable period following termination of the Customer’s account, unless retention is required by applicable law
Once Customer data has been deleted from active systems in accordance with this DPA and the SaaSi Hub Terms and Conditions, such data may no longer be recoverable.
Encrypted backup systems are maintained for disaster recovery purposes and are automatically overwritten on a rolling basis. Deleted Customer data may remain in backup archives until those backups expire, but SaaSi Hub is not required to restore or extract data from backup systems once an account has been closed or data has been deleted.
Further details regarding data retention are outlined in the SaaSi Hub Privacy Policy.
19. Audits and Compliance
SaaSi Hub will make available reasonable information necessary to demonstrate compliance with this DPA, including information relating to security practices and data protection controls.
Where required under applicable law, the Customer may request additional information regarding SaaSi Hub’s data protection practices.
Any audit requests must be reasonable in scope and limited to information necessary to demonstrate compliance with this DPA. SaaSi Hub is not required to provide access to confidential internal systems, infrastructure, or security documentation where doing so would compromise the security of the platform or other customers.
20. Liability
Each party’s liability under this DPA shall be subject to the limitations of liability set out in the SaaSi Hub Terms and Conditions.
21. Governing Law
This DPA shall be governed by the same governing law specified in the SaaSi Hub Terms and Conditions.
22. Contact Information
If you have questions regarding this Data Processing Addendum or SaaSi Hub’s data protection practices, you may contact us at: privacy@saasihub.com