Data Processing Agreement
Last updated July 9, 2026
1. Parties and roles
This Data Processing Agreement ("DPA") applies where you (the "Customer") use Recon Pilot to process personal or financial data relating to your own clients. For that data, the Customer is the data controller and Recon Pilot acts as the data processor, processing it only on the Customer's documented instructions.
2. Scope and purpose of processing
- Subject matter: reconciliation of ledgers, statements, and supporting documents uploaded by the Customer.
- Duration:for the term of the Customer's use, subject to the retention window the Customer configures.
- Nature and purpose: ingesting, standardizing, matching, and reporting on transactions; maintaining an audit trail.
- Types of data: transaction descriptions, amounts, dates, account references, and any personal data the Customer chooses to upload.
- Data subjects:the Customer's clients, vendors, and counterparties.
3. Processor obligations
- Process personal data only on the Customer's documented instructions.
- Ensure personnel authorized to process data are bound by confidentiality.
- Implement appropriate technical and organizational security measures (see Section 5).
- Scope every data operation to the owning account so tenant data remains isolated.
- Assist the Customer, taking into account the nature of processing, in responding to data-subject requests.
- Delete or return personal data at the Customer's choice upon termination, subject to legal-hold exemptions.
4. Confidentiality of Customer content
Recon Pilot does not use the contents of a Customer's ledgers, statements, amounts, dates, or documents to serve any other customer. Anonymized learning contributions described in our Privacy Policy are strictly opt-in at the individual-user level and exclude amounts, dates, identities, and document contents.
5. Security measures
- Encryption of data in transit (TLS) and at rest at the infrastructure level.
- Per-account query scoping to enforce tenant isolation (no cross-tenant reads).
- Least-privilege administrative access; admins cannot view Customer reconciliation contents.
- Parameterized queries and input validation to guard against injection.
- Immutable, locked reconciliations for signed-off audit evidence.
6. Sub-processors
The Customer authorizes Recon Pilot to engage sub-processors to provide the service, including database hosting, application hosting, and AI model providers used for extraction and matching. Recon Pilot remains responsible for sub-processors' compliance with obligations equivalent to those in this DPA and will give notice of material changes to its sub-processor list.
7. International transfers
Where personal data is transferred across borders, such transfers are made under an appropriate transfer mechanism as required by applicable law. Customers with specific data-residency requirements should contact us before uploading regulated data.
8. Data-subject requests
Recon Pilot provides self-serve tooling that helps the Customer fulfil access, portability, and erasure requests: full data export and permanent deletion are available in Account & data.
9. Personal data breach
Recon Pilot will notify the Customer without undue delay after becoming aware of a personal data breach affecting the Customer's data, and will provide information reasonably necessary for the Customer to meet its own notification obligations.
10. Return and deletion
On termination, the Customer may export their data and then delete their account, which permanently removes all associated records. Retention windows configured by the Customer apply during the term; locked reconciliations persist as audit evidence until the Customer reopens or deletes them.
11. Audit
Upon reasonable written request, Recon Pilot will make available information necessary to demonstrate compliance with this DPA, subject to confidentiality protections and the security of other customers.