Data Processing Agreement
Last updated: July 1, 2026
1. About this agreement
This Data Processing Agreement (“DPA”) summarizes how Peakure LLC (“Forgekite”, “we”) processes personal data on behalf of customers who use Forgekite. It supplements our Terms of Service. This is a template summary and is not a substitute for a signed DPA where one is required.
For most accounts this DPA is incorporated by reference into the Terms of Service and no separately signed copy is required. Enterprise customers may request a countersigned copy by emailing team@forgekite.com.
2. Roles of the parties
For personal data processed through Forgekite in the course of your collections activity, the customer is the data controller and Forgekite (Peakure LLC) is the data processor. Forgekite processes that data only on the customer's documented instructions, as reflected in the product configuration and this DPA.
3. Categories of data processed
- Invoice and debtor data: invoice amounts, due dates, and the names, email addresses, phone numbers, and company details of the debtors and contacts you chase.
- Communication data: the reminders sent through Forgekite and related delivery events (opens, clicks, bounces).
- Usage data: product usage and diagnostic data generated as you operate the service.
4. Purpose of processing
We process this data for the sole purpose of running collections and AR follow-up on the customer's behalf — detecting overdue invoices, generating and sending tone-adaptive reminders, tracking outcomes, and providing the related dashboard and reporting features. We do not process it for our own unrelated purposes and do not sell it.
5. Subprocessors
We engage subprocessors to deliver the service (for example, hosting, database, email, SMS, AI generation, and analytics providers). A current list is maintained on our Subprocessors page. Accounting platforms you connect (Xero today; QuickBooks and others via Unified.to coming soon) are engaged at your direction. We require subprocessors to provide appropriate safeguards for the data they handle.
6. Security measures
We apply technical and organizational measures appropriate to the data, including:
- Encryption of data in transit and at rest.
- Row-level security in our database, isolating each customer's data.
- No storage of full payment card numbers — card processing is handled by Stripe.
7. International transfers
Where personal data is transferred across borders, the parties rely on the applicable Standard Contractual Clauses (EU/UK SCCs) and equivalent safeguards.
8. Data subject requests and assistance
We will provide reasonable assistance to help the customer respond to data-subject requests and to meet the customer's security, breach-notification, and impact-assessment obligations, taking into account the nature of the processing and the information available to us.
9. Return and deletion
On termination, we will delete or return personal data processed on the customer's behalf in accordance with our Privacy Policy and applicable retention requirements.
10. Governing law
This DPA is governed by the laws of the State of New York, United States, with venue in the State of New York, United States.
11. Signatures
This DPA is executed by the authorized representatives of the Customer and Peakure LLC and takes effect on the date the Customer accepts the Terms of Service.
12. Contact
Questions about this DPA or to request a signed copy: privacy@forgekite.com.