WrenchDay Data Processing Addendum

Processor/controller terms for customer data, security measures, subprocessors, instructions, deletion, and transfers.

1. Roles

For shop customer records, vehicle records, repair records, communications, and similar operational data, the shop is generally the controller or business and WrenchDay is generally the processor or service provider, depending on applicable law.

For WrenchDay account administration, billing, security, product analytics, and platform operations, WrenchDay may act as an independent controller or business.

2. Processing instructions

WrenchDay will process customer data to provide, maintain, secure, support, improve, and administer the service according to the agreement, product configuration, documented instructions, and applicable law.

The customer is responsible for ensuring that its instructions are lawful and that it has all required notices, consents, and rights to submit data to WrenchDay.

3. Categories of data

Processed data may include account identifiers, business contact data, customer names, customer phone numbers, customer email addresses, vehicle details, VINs, appointment records, repair orders, service notes, photos, estimates, invoices, payment metadata, communications, mechanic records, settings, and usage logs.

4. Security measures

WrenchDay maintains administrative, technical, and organizational safeguards designed to protect customer data, including authentication, role separation, tenant scoping, same-origin protections, subscription gating, webhook verification, access controls, provider security controls, backups or recovery procedures where configured, and monitoring or logging appropriate to the service.

The customer remains responsible for end-user devices, credentials, account permissions, exports, local downloads, and any customer-side systems connected to WrenchDay.

5. Subprocessors

WrenchDay may use subprocessors for hosting, database, authentication, storage, payment processing, SMS, email, AI processing, monitoring, and support. Current subprocessors should be maintained in the Subprocessor List.

WrenchDay should require subprocessors to protect customer data under terms appropriate to the service they provide.

6. Assistance and deletion

WrenchDay will provide reasonable assistance for data-subject requests, security inquiries, deletion requests, and export requests where the requested data is available through the service or support process.

Upon termination, WrenchDay may delete, anonymize, or retain customer data according to the agreement, backup practices, legal requirements, fraud prevention, billing records, and legitimate business needs.

7. Audits and transfers

Reasonable security documentation may be provided on request, subject to confidentiality and operational limitations. On-site audits require prior written agreement.

Cross-border transfers, where applicable, should be governed by appropriate transfer mechanisms such as standard contractual clauses or other lawful mechanisms.