1. Scope and roles
This Data Processing Addendum forms part of the agreement between the customer and Rudd Enterprises, LLC, doing business as WrenchDay, when WrenchDay processes personal data on the customer’s behalf to provide the service.
For shop customer records, vehicle records, repair records, communications, and similar operational data, the shop is generally the controller or business and WrenchDay is generally the processor or service provider, depending on applicable law. For WrenchDay account administration, billing, security, product analytics, and platform operations, WrenchDay may act as an independent controller or business.
2. Processing instructions
WrenchDay will process customer data to provide, maintain, secure, support, improve, and administer the service according to the agreement, product configuration, documented instructions, and applicable law.
The agreement, the customer’s use and configuration of the service, and written requests accepted by WrenchDay are documented instructions. If WrenchDay reasonably believes an instruction violates applicable law, it may suspend the affected processing and inform the customer unless law prohibits notice. The customer is responsible for ensuring that its instructions are lawful and that it has all required notices, consents, and rights to submit data to WrenchDay.
3. Processing details
The processing concerns shop owners, invited staff and mechanics, shop customers, vehicle owners or contacts, callers, website visitors who interact with a shop workflow, and other individuals whose data the customer submits. Processing continues for the term of the service and afterward only as described by the agreement, deletion process, backup practices, or applicable law.
Processed data may include account identifiers, business contact data, customer names, customer phone numbers, customer email addresses, vehicle details, VINs, appointment records, repair orders, service notes, selected photos, estimates, invoices, payment metadata, communications, mechanic and timekeeping records, settings, authentication records, and usage logs. Processing operations may include collection, organization, storage, retrieval, transmission to enabled providers, restriction, export, deletion, and other operations needed to provide the service.
4. Security measures
WrenchDay maintains administrative, technical, and organizational safeguards designed to protect customer data, including authenticated sessions, role and feature authorization, tenant-scoped data access, same-origin protections for sensitive actions, signed payment webhooks, access controls, provider security controls, recovery measures maintained for the applicable infrastructure, dependency and release checks, and security-relevant monitoring or logging.
Personnel and contractors authorized to process customer data are subject to confidentiality obligations and are permitted to access the data only as needed for their assigned responsibilities. WrenchDay periodically reviews safeguards in light of the service, reasonably available technology, implementation cost, and processing risk.
The customer remains responsible for end-user devices, credentials, account permissions, exports, local downloads, and any customer-side systems connected to WrenchDay.
5. Subprocessors
The customer authorizes WrenchDay to use the providers identified in the published Subprocessor List for hosting, database, authentication, storage, payment processing, SMS, email, AI processing, analytics, monitoring, mobile infrastructure, integrations, and support. WrenchDay maintains that list and provides notice of a material new principal subprocessor where required by contract or law.
WrenchDay imposes data-protection and confidentiality obligations on subprocessors appropriate to the service they perform and remains responsible for their processing to the extent required by applicable law and the agreement. A customer with a reasonable data-protection objection to a new principal subprocessor can contact hello@wrenchday.com; WrenchDay will review the concern and work in good faith on a commercially reasonable resolution.
6. Individual requests and compliance assistance
Taking into account the nature of the processing and information available to it, WrenchDay will provide reasonable assistance for verified individual-rights requests, security inquiries, data-protection assessments, regulator inquiries, and customer compliance obligations applicable to WrenchDay’s processing. WrenchDay may direct the customer to self-service export, correction, access, or deletion tools where available.
If WrenchDay receives a request concerning customer-controlled data, it may refer the requester to the customer and will not independently respond on the customer’s behalf unless required by law or authorized by the customer.
7. Security incidents
WrenchDay will investigate a confirmed breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to customer personal data under WrenchDay’s control. WrenchDay will notify the customer without undue delay when notification is required by applicable law or the agreement and will provide information reasonably available to support the customer’s response.
Notice is not an admission of fault or liability. The customer is responsible for incident response involving its devices, credentials, user administration, exports, or systems outside WrenchDay’s control.
8. Return, deletion, and retention
During the service term, the customer may use available export and deletion controls or contact support. At termination, WrenchDay will delete, anonymize, return, or retain customer data according to the customer’s available instructions, the agreement, backup and recovery practices, legal requirements, fraud and abuse prevention, billing obligations, and legitimate recordkeeping needs.
Data retained for a permitted purpose remains protected under this addendum and is not available through a deleted user identity. WrenchDay does not promise a fixed deletion or backup-expiration period unless one is stated in a signed agreement.
9. Reviews and transfers
On reasonable written request, WrenchDay will make available information reasonably necessary to demonstrate compliance with this addendum, subject to confidentiality, security, privilege, third-party restrictions, and reasonable operational limits. The parties will first use existing documentation and remote review. Any additional audit requires advance written agreement on scope, timing, access controls, cost, and protection of other customers.
When applicable law requires a transfer mechanism for customer personal data processed across national borders, the parties will use an available lawful mechanism, including applicable standard contractual clauses, and will cooperate on reasonably required supplementary terms.
10. Contact
Questions or requests under this addendum can be sent to Rudd Enterprises, LLC at hello@wrenchday.com.
Questions about this document
Contact Rudd Enterprises, LLC, doing business as WrenchDay, at hello@wrenchday.com or use the WrenchDay support form.
