PassKit Data Processing Addendum

This document governs how PassKit processes personal data on behalf of customers in accordance with applicable data protection laws.

Last Updated: February 24, 2026.

The PassKit Data Processing Addendum (“DPA”) forms part of the PassKit Subscription Service Agreement and governs PassKit's processing of personal data on behalf of customers in connection with the provision of the PassKit Services.

This DPA is designed to comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), UK GDPR, and the Swiss Federal Act on Data Protection (FADP), and incorporates the 2021 EU Standard Contractual Clauses and the UK International Data Transfer Addendum, where applicable.

1. Scope and purpose

The DPA governs PassKit's processing of personal data submitted to or processed through the PassKit platform by or on behalf of customers (“Customer Data”) and sets out the rights and obligations of the parties with respect to such processing.

2. Roles of the parties

For the purposes of applicable data protection laws:

  • the customer acts as the data controller (or equivalent under applicable law); and
  • PassKit acts as a data processor (or service provider) processing personal data on the customer’s behalf.

3. DPA document

The full Data Processing Addendum is provided as a PDF document and incorporates standard contractual clauses and other required provisions. A current list of PassKit's Sub-processors is included within the DPA and is updated periodically.

Download the PassKit Data Processing Addendum (Version 2026.02 - PDF)

PassKit maintains a SOC 2 Type II report and implements appropriate technical and organizational measures to safeguard customer data.

4. Relationship to other agreements

In the event of any conflict between the DPA and the Subscription Service Agreement, the terms of the DPA will prevail with respect to the processing of personal data.

5. Questions

If you have questions regarding the DPA or PassKit's data processing practices, please contact privacy@passkit.com.

Enterprise DPA Execution

Enterprise customers that require a countersigned version of the Data Processing Addendum may contact legal@passkit.com. PassKit will provide an execution copy of the current DPA version upon request.