N
Northline Software Solutions

Data Processing Addendum

Last updated: December 2025

Introduction

This Data Processing Addendum ("DPA") describes how Northline Software Solutions ("we," "us," or "our") processes personal data in connection with our website and services. This DPA is designed to comply with applicable data protection laws, including the Protection of Personal Information Act (POPIA) in South Africa and the General Data Protection Regulation (GDPR).

Scope of Processing

We process limited personal data solely for the purpose of responding to enquiries submitted through our contact form. The personal data we may process includes:

  • Name
  • Email address
  • Company or organization name (if provided)
  • Phone number (if provided)
  • Message content and project details

Purpose and Legal Basis

We process your personal data for the following purposes:

  • To respond to your enquiries and communicate about potential projects
  • To provide information about our services
  • To prevent abuse of our contact form through rate limiting

Our legal basis for processing is your consent (when you submit the contact form) and our legitimate interest in responding to business enquiries and preventing abuse of our services.

Data Storage and Retention

Important: We do not store your form submissions in a database. When you submit our contact form:

  • Your information is sent directly to us via email using Resend
  • We do not maintain a database of contact form submissions
  • Your data exists only in email communications
  • We retain email correspondence for as long as necessary to fulfill the purposes outlined above, or as required by law

Rate limiting logs store only non-personal metadata (IP addresses and timestamps) temporarily in memory. This data is automatically cleaned up and is not linked to your personal information.

Subprocessors

We use the following subprocessors to process personal data:

Email Processing

  • Resend: Secure email delivery service for contact form submissions

Website Hosting

  • Vercel: Website hosting and deployment platform

Client Project Infrastructure

For applications we build for clients, we may use the following cloud processors (used only for client applications, not for processing data from this website):

  • Supabase: Backend-as-a-Service platform
  • PlanetScale: Database hosting service
  • Render: Cloud hosting platform
  • Hetzner: Cloud infrastructure provider
  • Xneelo: Web hosting and cloud services

Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • Rate limiting to prevent abuse and unauthorized access
  • Secure email transmission via Resend
  • HTTPS encryption for all website communications
  • Regular security assessments and updates
  • Minimal data collection and processing
  • No long-term storage of personal data

Data Subject Rights (POPIA & GDPR)

Under applicable data protection laws, you have the right to:

  • Access: Request a copy of any personal data we process about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Export: Request your data in a portable format
  • Objection: Object to processing of your personal data
  • Restriction: Request restriction of processing
  • Withdrawal: Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, please contact us at admin@northlinesoftware.co.za. We will respond to your request within 30 days.

POPIA-Specific Provisions

As a South African company, we comply with the Protection of Personal Information Act (POPIA). In addition to the rights listed above, POPIA provides you with:

  • The right to be notified of security breaches affecting your personal data
  • The right to lodge a complaint with the Information Regulator of South Africa
  • Protection against direct marketing (we do not engage in direct marketing)

Data Transfers

Some of our subprocessors may process data outside of South Africa. When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  • Using subprocessors that comply with applicable data protection laws
  • Ensuring subprocessors have appropriate security measures in place
  • Limiting data transfers to what is necessary for the provision of services

Data Breach Notification

In the unlikely event of a data breach that affects your personal data, we will:

  • Notify you and the relevant supervisory authority within 72 hours (where required by law)
  • Provide details of the breach and the measures we are taking to address it
  • Advise you on steps you can take to protect yourself

Changes to This Addendum

We may update this Data Processing Addendum from time to time to reflect changes in our processing practices or legal requirements. We will notify you of any material changes by posting the updated addendum on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Data Processing Addendum or wish to exercise your rights, please contact us:

Northline Software Solutions

Email: admin@northlinesoftware.co.za

Phone: +27 82 876 6990 (Logan Cherry) or +27 66 384 7100 (Enrique Van Der Berg)