The Smplrspace logo in dark blue color.
Platform
platform
Interactive 2D & 3D floor plans

Rapid floor plan digitization

Reporting & business intelligence

Contextualize any type of data

Integrate & embed Smplrspace

Control interactions, UX, and data

Real estate portfolio digitization

Portfolios in real-world context

Services
Floor plan digitization

Digitization services

Data mapping

Mapping of spatial entities

Solutions
By organization
Owners & operators

Portfolio-wide intelligence

Software companies

Interactive digital floor plans

By asset type
Retail

Spatial retail insights

Commercial office

Smarter office decisions

Multifamily

Unit-to-portfolio clarity

Resources
Two business executives seated at a table in a modern office, reviewing documents with a large screen displaying a 3D city map behind them through the Smplrspace application.
Why Smplrspace

Learn why Smplrspace is the visual canvas your real estate portfolio can rely on.

Learn more
Help center

Practical guides and insights

Support

Reach out to our support team

What's new

Product updates

System status

Platform performance

Developers
Two developers discussing a Smplrspace integration in a modern office with other programmers working nearby.
Quickstart guide

A practical starting point for developers new to Smplrspace.

Learn more
Developer docs

Starting point for developers

API reference

All available APIs

Live integration examples

See Smplrspace in action

Pricing
Log inContact sales
Contact sales

Data processing agreement

Last updated: June 18, 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Use and any related agreement (the "Agreement") between Smplrspace Pte Ltd, 10 Petain Road #04-01, Singapore 208089 ("Smplrspace", "we", the "Processor") and the customer that accepts the Agreement (the "Customer", "you", the "Controller"). It governs our processing of personal data that you upload to or generate through the Smplrspace platform (the "Service") on your behalf.

Where this DPA conflicts with the rest of the Agreement in relation to the processing of personal data, this DPA prevails.

1. Definitions

"Data protection law" means all applicable laws relating to the processing of personal data, including the EU General Data Protection Regulation 2016/679 ("GDPR"), the UK GDPR, the Swiss FADP, and applicable US state privacy laws. "Controller", "processor", "data subject", "personal data", "processing", and "personal data breach" have the meanings given in the GDPR. "Customer Personal Data" means personal data that we process on your behalf under the Agreement, as described in Annex 1.

2. Roles and scope

For Customer Personal Data, you are the Controller and Smplrspace is the Processor. You determine the purposes and means of processing; we process Customer Personal Data only to provide the Service and only as set out in this DPA. Each party will comply with its obligations under data protection law. You are responsible for ensuring you have a lawful basis to collect the Customer Personal Data and to instruct us to process it.

3. Processing instructions

We will process Customer Personal Data only on your documented instructions, including those set out in the Agreement and this DPA, unless required to do otherwise by law (in which case we will inform you, unless the law prohibits it). We will inform you if, in our opinion, an instruction infringes data protection law.

4. Confidentiality

We ensure that personnel authorized to process Customer Personal Data are bound by appropriate confidentiality obligations and access the data only as needed to provide the Service.

5. Security

We implement appropriate technical and organizational measures to protect Customer Personal Data, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as described in Annex 2. We regularly review these measures.

6. Sub-processors

You provide general authorization for us to engage the sub-processors listed in Annex 3 to process Customer Personal Data. We impose data protection obligations on each sub-processor that are no less protective than those in this DPA, and we remain responsible for their performance. We maintain the current list of sub-processors in Annex 3. You may register at [email protected] to be notified in advance of any intended addition or replacement of a sub-processor, so that you have the opportunity to object on reasonable data-protection grounds.

7. Data subject rights

Taking into account the nature of the processing, we will assist you by appropriate technical and organizational measures, insofar as possible, to fulfill your obligation to respond to requests from data subjects exercising their rights. If we receive such a request directly, we will direct the data subject to you and will not respond on your behalf unless instructed.

8. Assistance

Taking into account the nature of processing and the information available to us, we will assist you in ensuring compliance with your obligations relating to security of processing, personal data breach notification, data protection impact assessments, and prior consultation with supervisory authorities.

9. Personal data breach notification

We will notify you without undue delay after becoming aware of a personal data breach affecting Customer Personal Data, and will provide information reasonably available to us to help you meet your notification obligations.

10. Deletion and return

On termination of the Service, or at your request, we will delete or return all Customer Personal Data, and delete existing copies, unless retention is required by law. Residual copies in routine backups will be deleted in the ordinary course of our backup cycle.

11. Audits and information

We will make available to you information reasonably necessary to demonstrate compliance with Article 28 of the GDPR, and will allow for and contribute to audits, including inspections, conducted by you or an auditor you mandate, subject to reasonable notice, confidentiality, and frequency limits. We may satisfy this obligation by providing relevant third-party certifications or audit reports where available.

12. International transfers

Where processing of Customer Personal Data involves a transfer outside the EEA, the UK, or Switzerland to a country without an adequacy decision, the transfer is made under appropriate safeguards, such as the European Commission's Standard Contractual Clauses (and the UK Addendum and Swiss adaptations where applicable), which are incorporated by reference.

13. Liability

Each party's liability under this DPA is subject to the limitations and exclusions of liability set out in the Agreement.

14. Term and termination

This DPA takes effect when you accept the Agreement and continues for as long as we process Customer Personal Data on your behalf.

15. Governing law

This DPA is governed by the law that governs the Agreement, except where data protection law requires otherwise.

‍

Annex 1 — Details of processing

  • Subject matter: provision of the Smplrspace platform (interactive 2D and 3D spatial visualization, data management, and related features).
  • Duration: the term of the Agreement.
  • Nature and purpose: hosting, storing, processing, and displaying Customer content and data to provide the Service.
  • Types of personal data: identifiers and contact details of the Customer's authorized users; and any personal data the Customer chooses to include in spaces, models, or datasets (for example, names, identifiers, or location/occupancy data relating to the Customer's employees, occupants, or visitors).
  • Categories of data subjects: the Customer's authorized users; and individuals whose data the Customer includes in the Service (for example, employees, occupants, or visitors).

Annex 2 — Technical and organizational measures

  • Encryption of data in transit using TLS.
  • Encryption of data at rest for stored data, via our infrastructure providers' default encryption.
  • Authentication managed by a specialized identity provider (Auth0).
  • Role-based access to the platform, so users access only the organizations and data they are authorized to.
  • Nightly backups of production data.
  • Logging and monitoring of application errors and infrastructure.

Annex 3 — Sub-processors

Sub-processor Purpose Location
Auth0 (Okta) Authentication Australia
Google Cloud Platform Database and backend infrastructure hosting Singapore
Firebase / Google Cloud Storage File and image storage (being migrated to Cloudflare) Singapore
Cloudflare (incl. R2 and Images) Edge hosting, CDN, object storage (R2), image storage and delivery (Images), traffic optimization Global
Sentry Error monitoring United States
Datadog Logging and infrastructure monitoring EU
Postmark Transactional email United States
MailerLite Email and newsletters EU
Airwallex Payment processing United States, Singapore, Netherlands
Join our newsletter

Be the first to hear about product updates, new features, and what’s next for smarter property data.

One more step: please, check your email and verify your email address.
Something went wrong while submitting the form.
Redefining communication about spaces.
Contact salesPricing
Platform
Interactive 2D & 3D floor plansReporting & business intelligenceIntegrate & embed SmplrspaceReal estate portfolio intelligence
Services
Floor plan digitizationData mapping
Solutions
by organization
Owners & operatorsSoftware companies
by asset type
RetailCommercial officeMultifamily
Resources
Why SmplrspaceHelp centerSupportWhat's newSystem status
Developers
Developer quickstartDeveloper docsAPI referenceLive integration examples
About
CompanyCareers
©
2026
Smplrspace | All rights reserved.
Privacy policyTerms of useCookies
Smplrspace status