Hey there, you only half answered the original question from the user called \u0027Secure\u0027. The following points were raised by them but never addressed:\u000a\u000aData deletion ... if data is deleted, is it permanent? How long are backups retained?\u000a\u000aGDPR ... UK GDPR and HK\u0027s PDPO are not the same thing. Do you offer a UK GDPR\u002Dcompliant Data Processing Agreement (DPA)?\u000a\u000aSubprocessors ... AWS is mentioned but who else touches the data? Full list please.\u000a\u000aSecurity certifications ... SOC 2 Type II, ISO 27001? Any independent audits? If not, is there a roadmap?\u000a\u000aBreach notification ... what\u0027s the notification timeline if there\u0027s a breach? Is there a formal incident response policy?\u000a\u000aLooking forward to your answers on these.

Following up on a previous question | Buildin

Hurdy_Gurdy_Man

Feb 26, 2026

Q: Following up on a previous question

Hey there, you only half answered the original question from the user called 'Secure'. The following points were raised by them but never addressed:

Data deletion ... if data is deleted, is it permanent? How long are backups retained?

GDPR ... UK GDPR and HK's PDPO are not the same thing. Do you offer a UK GDPR-compliant Data Processing Agreement (DPA)?

Subprocessors ... AWS is mentioned but who else touches the data? Full list please.

Security certifications ... SOC 2 Type II, ISO 27001? Any independent audits? If not, is there a roadmap?

Breach notification ... what's the notification timeline if there's a breach? Is there a formal incident response policy?

Looking forward to your answers on these.

Helpful?