Definition
Under GDPR, a data processor is any organization that processes personal data on behalf of a data controller. The controller decides why and how personal data is processed; the processor carries out those decisions. If you run a WordPress site with a contact form, you are the controller of that form data. Any service you use to handle it - your hosting provider, your CRM, a form-to-Sheets bridge - is a processor.
Processors and controllers have different obligations. Controllers must collect consent, define retention, respond to data-subject requests, and notify regulators in the event of a breach. Processors must act only on controller instructions, use appropriate security, keep records of processing activities, and help the controller meet its obligations. The relationship is governed by a Data Processing Addendum (DPA).
How SheetLinkWP relates to Data Processor
SheetLinkWP is a data processor for any personal data flowing through our hosted services (CRM Fan-Out, AI Lead Scoring, AI Analytics). We publish a standard DPA on request and maintain an up-to-date sub-processor list. For the default Apps Script integration, no personal data ever touches SheetLinkWP infrastructure - it flows from WordPress to your Google Sheet directly, and Google is your processor under your Google Workspace terms.