Data Processing Addendum
This draft DPA describes how Blunt Logic Ltd processes customer workspace data for private deployments. It is intended to sit alongside the Terms of Service and any customer-specific order form, subject to legal review before live paid onboarding.
Version 2026-05-13.2 · Effective 2026-05-13
Blunt Logic Ltd is registered in England and Wales (company number PENDING_COMPANY_NUMBER). Registered office: PENDING_REGISTERED_OFFICE_ADDRESS.
The customer acts as controller for customer personal data it submits to, stores in, or asks the workspace to process. Blunt Logic Ltd acts as processor when hosting, operating, securing, supporting, monitoring, or improving the private deployment according to customer instructions. This DPA applies to personal data processed for the customer through the private workspace and related managed services.
Blunt Logic Ltd will process customer personal data only to provide the service, follow documented customer instructions, comply with law, and perform related security, support, monitoring, backup, billing, and operational activities. The Terms of Service, order form, workspace configuration, and customer use of the service are documented instructions.
If Blunt Logic Ltd considers that a customer instruction infringes UK GDPR, the Data Protection Act 2018, or other applicable data protection law, Blunt Logic Ltd will inform the customer without undue delay and may suspend performance of the affected instruction until the customer has confirmed or amended it in writing.
Blunt Logic Ltd will not sell, rent, or disclose customer personal data to unrelated third parties for those parties' own purposes. Disclosures are limited to subprocessors under contract, disclosures required by law, or disclosures made with the customer's documented instruction.
Customer personal data may include business contact details, CRM records, messages, notes, prompts, generated content, uploaded documents, support content, audit logs, and usage records. Data subjects may include customer staff, prospects, suppliers, business contacts, and other individuals whose data the customer chooses to process through the workspace.
Blunt Logic Ltd will use appropriate technical and organisational measures designed to protect customer personal data, including owner-gated access, MFA-capable authentication, server-side secret handling, deployment isolation, audit logging, provider access controls, backup discipline, vulnerability and dependency maintenance, and redacted monitoring where practical.
Blunt Logic Ltd will ensure that persons authorised to process customer personal data have committed to confidentiality or are under an appropriate statutory obligation of confidentiality. Access should be limited to what is reasonably needed for hosting, support, security, maintenance, incident response, billing, or agreed work.
The customer authorises Blunt Logic Ltd to use subprocessors needed to provide the service, such as hosting, database, authentication, email, billing, monitoring, support, and AI providers. Blunt Logic Ltd will remain responsible for subprocessors it appoints and will use commercially reasonable efforts to ensure subprocessors protect customer personal data under suitable contractual terms.
Before live use, the current subprocessor list and any objection mechanism should be confirmed in the order form, privacy notice, or customer agreement.
Where customer personal data is transferred outside the UK or EEA, Blunt Logic Ltd will rely on appropriate transfer mechanisms where required, such as adequacy decisions, UK international data transfer terms, standard contractual clauses, or equivalent provider commitments.
Taking into account the nature of the processing and information available, Blunt Logic Ltd will provide reasonable assistance with data subject requests, security obligations, data protection impact assessments, consultations with regulators, and customer compliance duties relating to the service.
Blunt Logic Ltd will notify the customer without undue delay after becoming aware of a personal data breach affecting customer personal data. The notice will include available information about the nature of the breach, affected data, likely consequences, and mitigation steps, where known.
On termination or written instruction, Blunt Logic Ltd will return, export, delete, or anonymise customer personal data according to the applicable agreement, technical feasibility, and backup retention limits. Limited records may be retained where needed for billing, audit, legal compliance, dispute resolution, security, and legitimate business records.
Blunt Logic Ltd will make reasonable information available to demonstrate compliance with this DPA. Any audit must be proportionate, scheduled in advance, protect other customers and confidential information, and avoid disrupting production systems. Independent reports or summaries may be used where appropriate.
Data protection enquiries: privacy@bluntlogic.ai. General enquiries: hello@bluntlogic.ai.