InfraNet HR
Platform
Case ManagementCompliance TrackingIncident ManagementLeave & AccommodationMulti-OrganizationReporting & Analytics
Solutions
Workers' CompensationOSHA RecordkeepingFMLA AdministrationADA & AccommodationHR InvestigationsEmployee RelationsUnemployment ClaimsPrevent Retaliation RiskOperational Continuity
Why InfraNet
About InfraNetThe Latch StoryOur Philosophy
Resources
BlogLearning HubDocumentationTrust Center
Client LoginRequest Access

Privacy & Data

Data Processing Agreement

Effective Date: May 30, 2026

This Data Processing Addendum (“DPA”) is an agreement between InfraNet HR (“InfraNet,” “we,” “our,” or “us”) and the customer organization (“Customer,” “Controller,” or “you”) regarding the processing of personal data through the InfraNet platform.

1. Purpose

The purpose of this DPA is to establish the responsibilities of each party regarding the processing of personal data and to define the safeguards applied to information processed through the Services.

2. Roles of the Parties

The Customer acts as the Data Controller and determines what data is collected, why it is collected, how it is used, who may access it, and how long it should be retained. InfraNet acts as the Data Processor and processes personal data solely for the purpose of providing the Services. InfraNet does not determine the purposes for which Customer data is collected or processed.

3. Categories of Data

Information processed through the platform may include employee information, applicant information, contact information, workplace incident records, leave administration records, accommodation documentation, investigation records, compliance documentation, and user account information. The specific categories are determined by the Customer.

4. Processing Activities

InfraNet may process personal data to provide platform functionality, store and organize records, authenticate users, generate reports, maintain system security, support customer requests, and perform backup and recovery activities. InfraNet will process personal data only as necessary to provide the Services.

5. Customer Instructions

InfraNet will process personal data only in accordance with customer instructions, applicable agreements, and applicable law. The Customer is responsible for ensuring that instructions are lawful and that appropriate authority exists to provide personal data to InfraNet.

6. Confidentiality

InfraNet personnel with access to Customer data are subject to confidentiality obligations and are expected to protect information from unauthorized disclosure. Access to Customer data is limited to individuals who require access to perform authorized duties.

7. Security Measures

InfraNet implements reasonable technical and organizational safeguards including encryption in transit, access controls, authentication safeguards, role-based permissions, monitoring and logging, and backup and recovery procedures. Security measures may evolve as technology and business requirements change.

8. Subprocessors

InfraNet may engage third-party service providers (“Subprocessors”) to support delivery of Services, including providers responsible for hosting, infrastructure, data storage, authentication, payment processing, and communication services. A current list of subprocessors is maintained separately. InfraNet remains responsible for its subprocessors’ performance as required by applicable agreements.

9. Data Subject Requests

To the extent reasonably possible, InfraNet will assist Customers in responding to requests involving access, correction, deletion, restriction, or portability. Customers remain responsible for responding to such requests.

10. Security Incidents

If InfraNet becomes aware of a confirmed security incident affecting Customer data, InfraNet will contain and remediate the issue, investigate the nature and scope of the incident, assess potential impact, notify affected Customers when appropriate and required by law, and implement corrective measures as necessary. Notification timing may depend on the nature of the incident and applicable legal requirements.

11. Data Retention and Deletion

Upon termination of Services, Customer data will be retained and deleted in accordance with InfraNet’s Data Retention Policy unless otherwise required by law or contractual obligation. Customers are encouraged to export necessary information prior to account closure.

12. International Transfers

Customer data may be processed and stored in locations where InfraNet or its service providers operate. InfraNet will take reasonable measures to protect personal data regardless of processing location.

13. Audits and Information Requests

Upon reasonable request, InfraNet may provide information regarding its security practices and controls to support Customer due diligence efforts. Nothing in this section requires InfraNet to disclose confidential security information, proprietary information, or information that could compromise platform security.

14. Limitation

This DPA supplements, but does not replace, the Terms of Service, Privacy Policy, or other agreements between the parties. If a conflict exists, the applicable written agreement between the parties shall control.

15. Contact

Questions regarding this Data Processing Addendum may be directed to:
InfraNet HR
Email: privacy@infranet-hr.com
Springfield, Missouri, United States

Last Updated: May 30, 2026

Company

About InfraNetWhy InfraNet ExistsContactRequest Access

Platform

Platform OverviewCase ManagementCompliance TrackingIncident ManagementLeave & AccommodationReporting & VisibilityMulti-Organization Management

Solutions

ADA AccommodationsFMLA AdministrationOSHA DocumentationWorkplace InvestigationsWorkers' CompensationEmployee RelationsPrevent Retaliation RiskUnemployment ClaimsOperational Continuity

Trust & Compliance

Trust CenterSecurity OverviewPrivacy PolicyTerms of ServiceAccessibility Statement

Resources

BlogState Compliance Learning HubDocumentation

© 2026 InfraNet HR. Built by HR, for HR.