Data Processing Addendum
Shhhs handles DPA review through the contact process for reviewed commercial or Enterprise customers. This public page explains the current operational boundary; it is not a signed DPA.
01
A signed Data Processing Addendum is handled through reviewed commercial or Enterprise procurement. The public website does not auto-issue a DPA and does not imply that a DPA is active for anonymous or self-service use.
02
Depending on the feature, Shhhs may act as controller for account, billing, support, security, and abuse metadata, and as a service provider for encrypted payload storage and delivery metadata.
03
Current public subprocessors are documented by function. Cloudflare provides infrastructure and security edge services. Paddle provides billing as Merchant of Record. Resend is used only when transactional email delivery is configured.
04
Use the contact page for access, correction, deletion, export, objection, or billing-cancellation requests. Shhhs can act on account and metadata records it controls but cannot decrypt or recover secret content.
05
This page is not a blanket GDPR compliance claim, certification claim, SLA, or legal advice. Regulated deployments need reviewed terms and, when applicable, a signed DPA.
No. There is no AI processing on secret content.
No. Secret recovery would weaken the privacy model.
Support can help cancel billing after billing validation, but cannot restore account access or secret content.