Aboard processes personal information on behalf of its customers in connection with its Services. In these cases, Aboard acts as a data processor (or service provider), and the customer acts as the data controller (or business).

We enter into Data Processing Agreements (DPAs) with our customers that govern how personal information is handled, including security, confidentiality, and data protection obligations.

Our DPAs are aligned with applicable data protection laws, including GDPR where applicable, and incorporate appropriate safeguards for international data transfers, such as Standard Contractual Clauses.

Aboard maintains a SOC 2 Type II report covering its security controls, which is available to customers upon reasonable request and subject to confidentiality obligations.

We implement industry-standard technical and organizational measures to protect personal information, including access controls, encryption in transit, and monitoring.

A current list of subprocessors is available upon request.

For more information about our privacy and security practices, please contact: privacy@getaboard.co