GetUp is an all-in-one operations platform for companies that run multiple brands or multiple locations. A single panel covers staff shift scheduling, tablet-based check-in, payroll, multi-company invoicing, shopping and procurement lists, an external accountant portal and a built-in AI assistant. GetUp is sector-agnostic: every industry gets the same panel with no vertical privileged over another. For Polish customers, an optional KSeF FA-3 e-invoicing connector is available.

GetUp is built for any business that has to manage more than one company, brand or location — regardless of sector. Owners, managers and teams in any industry use the same panel for staff, shifts, payroll, invoices and shopping instead of stitching together a patchwork of tools.

Is GetUp tied to any specific sector?

No. GetUp is a sector-agnostic business operations platform. No industry is privileged over another. The core modules — staff, shifts, payroll, invoicing, shopping lists, accountant access and the AI assistant — apply equally to any multi-brand or multi-location company in any sector.

Which industries use GetUp?

GetUp is deliberately sector-agnostic. Typical users include restaurant and bar groups, retail chains, hotel and short-term rental networks, gyms and studios, beauty and wellness chains, car washes and auto services, cleaning companies, medical and dental clinics, multi-site construction firms, staffing agencies, legal and accounting practices, and multi-brand e-commerce sellers — but the product applies equally to any industry that runs more than one brand or location.

Does GetUp support KSeF e-invoicing in Poland?

Yes. GetUp generates KSeF FA-3 compliant invoice XML, submits through the encrypted KSeF session API, archives the response UUID, and exposes the full history to both the company and its external accountant. Both KSeF Demo and Production environments are supported.

Which languages does GetUp support?

The GetUp panel is fully localised in English, Polish and Turkish. The built-in AI assistant answers in whichever of the three languages the user speaks.

Which countries is GetUp available in?

GetUp is operated from Poland and is available worldwide over the web. It has first-class localisation and active users in Poland, Turkey and the wider European Union, with full language support for English, Polish and Turkish.

How much does GetUp cost?

GetUp offers a Starter plan at €69 / $79 / 299 zł per month and a Pro plan at €129 / $139 / 499 zł per month. Both plans include all modules and a 14-day free trial with no card required. Annual billing and custom enterprise plans are available on request.

Is there a free trial?

Yes. GetUp offers a 14-day free trial on both Starter and Pro with no credit card required. You can start at https://getup.dev/register.

Is there a free plan?

GetUp is a paid SaaS. There is no permanent free tier, but every new tenant gets a 14-day free trial of either plan with no card required.

Does GetUp have an AI assistant?

Yes. The GetUp assistant is a chat interface embedded into the panel that knows both the GetUp product and the tenant's own data (shifts, invoices, payroll, shopping), respecting the same role-based permissions as the UI. It answers in English, Polish or Turkish.

How does GetUp compare to Deputy, When I Work, Homebase or Connecteam?

Deputy, When I Work, Homebase and Connecteam specialise in workforce and shift scheduling. GetUp covers shifts plus multi-company invoicing, payroll, procurement, an external accountant portal and an AI assistant — all in one panel. If a business only needs shift scheduling a specialist tool is fine; if it runs multiple companies or locations and wants invoicing, payroll and procurement in the same place, GetUp is purpose-built for that.

How does GetUp compare to Odoo or NetSuite?

Odoo and NetSuite are full ERP suites with long implementations, per-module pricing and a steep learning curve. GetUp is a flat-priced, self-serve, SMB-scale operations platform focused specifically on multi-brand and multi-location small and mid-sized businesses that do not need the weight of a full ERP.

How does GetUp compare to Fakturownia, iFirma or InFakt in Poland?

Fakturownia, iFirma and InFakt are invoicing and bookkeeping tools. GetUp includes KSeF-ready multi-company invoicing as one of several modules, but also covers staff shifts, tablet check-in, payroll, shopping and procurement, an external accountant portal and an AI assistant — so a multi-brand business does not need to combine an invoicing tool with three separate apps.

Does GetUp support multiple companies under one account?

Yes. A single GetUp tenant can hold many legal entities. Each company has its own issuer profile, numbering series, counter-parties and invoices, but everything is managed from one panel with shared staff, shifts and AI context.

Can an external accountant access the panel?

Yes. Every tenant can invite an external accountant with a scoped login (read-only or export-only) at no extra seat fee. The accountant sees invoices and financial data but not HR or shift data unless explicitly granted.

Does GetUp do payroll?

Yes. GetUp computes hourly payroll from the real check-in data captured on the tablet module, across multiple companies and locations. It produces exports for the company's accountant and feeds directly into the invoicing module where relevant.

Does GetUp work on mobile?

Yes. The GetUp panel is responsive on iOS and Android and can be installed as a progressive web app. The tablet check-in module is explicitly designed to run on a shared tablet placed at each location.

Is GetUp GDPR compliant?

Yes. GetUp is operated from the European Union by a Polish entity (AUTH sp. z o.o., Warszawa). Data is stored in Google Cloud / Firebase EU regions. A standard Data Processing Agreement is available at https://getup.dev/dpa.

Where is GetUp's data stored?

Tenant data is stored in Google Cloud / Firebase EU regions. The application is deployed on Vercel's edge network. Both platforms are EU-GDPR aligned.

GetUp is built and operated by AUTH sp. z o.o., a Polish company registered in Warszawa at Marszałkowska 58/15 (KRS 0001043319, NIP 5273062913). The canonical URL is https://getup.dev and support is available at support@getup.dev.

Does GetUp have an API?

GetUp uses Firebase under the hood and exposes internal endpoints under /api. A public integration API is on the roadmap; teams that need automation or data export today can get help via support@getup.dev.

Where can I report a security issue?

GetUp publishes an RFC 9116 security.txt at https://getup.dev/.well-known/security.txt. Preferred contact for responsible disclosure is support@getup.dev.

Home

ENEnglish PLPolski TRTürkçe

GetUp · Art. 28 GDPR

Data Processing Agreement (DPA)

Effective date: 19 April 2026 · Version: 2026-04-19

This Addendum (DPA) becomes binding upon your acceptance of the GetUp Terms of Service (the “Main Agreement”) or your use of the Service, without need for a signature. It is an integral part of the Main Agreement. This DPA satisfies the written-contract requirement between a Controller (Customer) and a Processor (GetUp) under GDPR Article 28(3) and Polish data-protection law.

Processor

AUTH spółka z ograniczoną odpowiedzialnością (AUTH sp. z o.o.)
Marszałkowska 58 / 15, 00-545 Warszawa, Polska
KRS: 0001043319 · NIP: 5273062913 · REGON: 525652590
privacy@getup.dev

1. Parties and Roles

Controller: the customer company that signs up for GetUp and uploads its employee, client and supplier data (“Customer”). The Customer determines the purposes and means of the Personal Data it uploads.
Processor: GetUp (“Provider”, “we”). Processes Personal Data only on the documented instructions of the Customer and as permitted by this DPA.

For Customer Account Data (signup, payment), GetUp acts as a Controller and handles that data under its Privacy Policy.

2. Subject Matter, Duration, Nature and Purpose (Art. 28(3))

Subject matter: hosting, processing and serving employee, client, invoice, shift, payroll, expense and similar operational data uploaded by the Customer.
Duration: for as long as the Customer's GetUp subscription is active, plus the return/deletion window after termination.
Nature: storage (Firestore + Cloud Storage), display, search, filtering, reporting, backup, transactional email, payment interface, KSeF integration.
Purpose: letting the Customer run its multi-company operational, staff, financial and KSeF obligations.
Categories of data subjects: Customer's employees, clients, business partners, suppliers.
Categories of personal data: name, contact (email, phone), salary/payroll info, working hours, identifiers (NIP/REGON), address, invoice details, KSeF reference numbers.

3. Customer Instructions

GetUp processes Personal Data only:

(a) on the documented instructions given under this DPA and the Main Agreement,
(b) unless otherwise required by EU or Polish law,
(c) to the extent technically necessary to provide the Service.

If we believe an instruction violates GDPR or applicable law, we will inform the Customer promptly (Art. 28(3)(h)).

4. Sub-Processors

The Customer grants prior general authorisation for the following sub-processors:

Google / Firebase — database, authentication, storage
Vercel — application hosting, CDN, analytics
Stripe — payment processing, subscription management
Resend — transactional email
ImprovMX — inbound email forwarding (support@, quote@, privacy@)

When a new sub-processor is added or an existing one replaced, we notify the Customer by email at least 14 days in advance. If the Customer objects within that window, we will seek a reasonable resolution; if none is possible, the Customer may terminate without penalty.

We maintain a written contract with each sub-processor providing a protection level equivalent to Art. 28. The current sub-processor list is always available at /compliance.

5. Technical and Organisational Measures (TOMs — Art. 32)

GetUp applies at minimum the following measures:

Encryption in transit: TLS 1.3 on all traffic
Encryption at rest: AES-256 (Google Cloud), AES-GCM layer for password hashes
Access control: role-based authorisation, HMAC-SHA256 signed session tokens, mandatory TOTP 2FA for admins
Data isolation: Firestore Security Rules — per-company companyId match
Network security: HTTPS-only, CSP, CORS, HMAC webhook signature verification
Backup: daily backup + 7-day point-in-time recovery (Firebase)
Region: Firebase europe-west3 (Frankfurt) — data within the EU
Observability: activity log, subscription event log, daily retention cron
Incident response: written breach playbook + incident register (Art. 33–34)
Data minimisation: self-service erasure (Art. 17), cascade delete, retention cron

The current, detailed TOM list is always viewable by the Customer at /compliance.

6. Confidentiality of Personnel

Every GetUp staff member authorised to access Personal Data is under a written confidentiality obligation or bound by statutory confidentiality duties. Access is limited on a need-to-know basis.

7. Assistance with Data Subject Rights (Art. 28(3)(e))

GetUp reasonably assists the Customer with responding to data subject requests (access, rectification, erasure, portability, objection) through appropriate technical and organisational measures. Self-service tooling:

Art. 20 — Portability: /api/account/export JSON dump of all company data
Art. 17 — Erasure: self-service account deletion on the Subscription page
Art. 16 — Rectification: in-app edit screens
Other requests: privacy@getup.dev — answered within 30 days

8. Personal Data Breach Notification (Art. 33)

On becoming aware of a Personal Data breach, GetUp notifies the affected Customer without undue delay and, where feasible, within 24 hours, by email. The notice contains:

Nature of the breach, categories and approximate number of data subjects
DPO / contact point: privacy@getup.dev
Likely consequences
Measures taken or proposed

Every breach, whether notified or not, is recorded in GetUp's internal incident register (Art. 33(5)).

9. Audit Right (Art. 28(3)(h))

The Customer has the right to review GetUp's compliance with this DPA once per year. In practice this is satisfied primarily through review of the RoPA, TOM and sub-processor list published at /compliance and, where available, sharing of independent audit reports (e.g. Firebase SOC 2, Stripe SOC 2). On-site audit requires at least 30 days' prior written notice; reasonable confidentiality and cost obligations may apply.

10. International Transfers

GetUp only transfers data outside the EU subject to appropriate safeguards:

EU Standard Contractual Clauses (SCC) — 2021 version, Module 2 (Controller–Processor)
EU-U.S. Data Privacy Framework (DPF) — for certified sub-processors
Where necessary, a transfer impact assessment (TIA) plus additional technical safeguards

Core data (/companies, content) is stored in Firebase europe-west3 — in practice most data stays within the EU.

11. End of Contract — Return and Deletion (Art. 28(3)(g))

On termination the Customer may choose between:

(a) Return: Customer may download a data dump via /api/account/export before termination.
(b) Deletion: If the Customer chooses self-service deletion or gives no other instruction within 30 days of termination, GetUp cascade-deletes all Personal Data — except KSeF metadata and invoice records that must be retained by Polish tax law (5 years).

In the audit trail (subscriptionEvents) companyId is pseudonymised to "__deleted__" so the personal-data link is broken while the event record is preserved.

12. Liability and Jurisdiction

Matters outside this DPA are governed by the Main Agreement. In case of conflict this DPA prevails. Governing law: Polish law and directly applicable EU law (GDPR). Forum: courts of Kraków — without prejudice to mandatory consumer or small-business protections.

13. Versioning

The current version of this DPA is 2026-04-19, published at getup.dev/dpa. Material changes are notified to the Customer by email at least 30 days in advance.

The version accepted by the Customer at signup is recorded on the Account (DPA version, timestamp, IP, user-agent) as an audit trail.

This DPA is drafted to meet the written-contract requirement under GDPR Art. 28. Enterprise customers who require a manually countersigned bespoke DPA may request one at privacy@getup.dev.