![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 180 36" xmlns="http://www.w3.org/2000/svg"><g d="M 3.66 35.076 C 3.66 34.566 8.3 34.152 14.024 34.152 C 19.747 34.152 24.387 34.566 24.387 35.076 C 24.387 35.586 19.747 36 14.024 36 C 8.3 36 3.66 35.586 3.66 35.076 Z M 14.006 0.001 C 21.742 0.001 28.013 6.292 28.013 14.053 C 28.013 21.815 21.01 28.106 14.006 35.133 C 7.003 28.107 0 21.814 0 14.054 C 0 6.293 6.271 0.001 14.006 0 Z M 14.009 8.998 C 11.213 9.045 8.971 11.333 8.971 14.139 C 8.971 16.945 11.213 19.233 14.009 19.28 C 16.839 19.279 19.133 16.978 19.133 14.139 C 19.132 11.3 16.839 8.999 14.009 8.998 Z M 5.124 14.381 C 5.124 9.481 9.084 5.508 13.968 5.508 C 18.852 5.508 22.812 9.481 22.812 14.381 C 22.812 19.282 18.852 23.254 13.968 23.254 C 9.084 23.254 5.124 19.282 5.124 14.381 Z M 19.487 10.541 L 18.198 9.246 C 18.108 9.159 17.965 9.159 17.875 9.246 L 12.44 14.7 C 12.35 14.787 12.207 14.787 12.118 14.7 L 10.828 13.406 C 10.738 13.318 10.596 13.318 10.506 13.406 L 9.216 14.7 C 9.129 14.79 9.129 14.933 9.216 15.023 L 12.118 17.934 C 12.207 18.022 12.35 18.022 12.44 17.934 L 19.487 10.864 C 19.575 10.774 19.575 10.63 19.487 10.541 Z M 51.185 11.802 C 51.052 10.617 50.503 9.699 49.538 9.047 C 48.573 8.389 47.359 8.059 45.895 8.059 C 44.846 8.059 43.94 8.225 43.174 8.56 C 42.409 8.885 41.814 9.335 41.39 9.911 C 40.974 10.479 40.766 11.126 40.766 11.852 C 40.766 12.462 40.907 12.987 41.191 13.429 C 41.487 13.876 41.873 14.256 42.325 14.543 C 42.8 14.836 43.308 15.082 43.848 15.282 C 44.36 15.465 44.881 15.624 45.408 15.758 L 47.903 16.409 C 48.719 16.609 49.555 16.88 50.411 17.223 C 51.268 17.565 52.063 18.016 52.795 18.575 C 53.526 19.133 54.13 19.842 54.566 20.653 C 55.024 21.479 55.253 22.468 55.253 23.62 C 55.253 25.072 54.878 26.361 54.13 27.488 C 53.389 28.615 52.313 29.504 50.898 30.155 C 49.493 30.806 47.791 31.132 45.794 31.132 C 43.882 31.132 42.226 30.827 40.828 30.217 C 39.431 29.608 38.337 28.745 37.546 27.626 C 36.756 26.499 36.32 25.164 36.236 23.62 L 40.105 23.62 C 40.18 24.547 40.479 25.318 41.003 25.936 C 41.535 26.546 42.213 27 43.037 27.301 C 43.869 27.592 44.78 27.738 45.77 27.738 C 46.86 27.738 47.829 27.567 48.677 27.225 C 49.534 26.875 50.207 26.391 50.698 25.773 C 51.189 25.147 51.435 24.417 51.435 23.582 C 51.435 22.823 51.219 22.201 50.786 21.717 C 50.362 21.233 49.783 20.832 49.051 20.515 C 48.254 20.173 47.433 19.892 46.593 19.676 L 43.573 18.85 C 41.527 18.291 39.905 17.469 38.707 16.384 C 37.518 15.299 36.923 13.863 36.923 12.077 C 36.923 10.6 37.322 9.31 38.12 8.209 C 38.919 7.107 40.001 6.251 41.365 5.642 C 42.729 5.025 44.268 4.716 45.982 4.716 C 47.712 4.716 49.239 5.02 50.561 5.63 C 51.892 6.24 52.941 7.078 53.706 8.146 C 54.471 9.206 54.87 10.424 54.904 11.802 Z M 59.561 30.706 L 59.561 11.476 L 63.292 11.476 L 63.292 30.706 Z M 61.445 8.509 C 60.796 8.509 60.239 8.292 59.774 7.858 C 59.316 7.416 59.087 6.89 59.087 6.281 C 59.087 5.664 59.316 5.138 59.774 4.704 C 60.221 4.268 60.822 4.03 61.445 4.04 C 62.094 4.04 62.648 4.261 63.105 4.704 C 63.571 5.137 63.803 5.663 63.803 6.281 C 63.803 6.89 63.571 7.416 63.105 7.858 C 62.648 8.292 62.094 8.509 61.445 8.509 Z M 77.258 11.476 L 77.258 14.481 L 66.789 14.481 L 66.789 11.477 L 77.258 11.477 Z M 69.597 6.869 L 73.327 6.869 L 73.327 25.059 C 73.327 25.786 73.436 26.332 73.652 26.699 C 73.868 27.059 74.146 27.304 74.488 27.438 C 74.837 27.563 75.216 27.626 75.624 27.626 C 75.923 27.626 76.185 27.605 76.409 27.564 C 76.634 27.522 76.809 27.488 76.933 27.463 L 77.608 30.555 C 77.391 30.639 77.083 30.723 76.684 30.806 C 76.285 30.897 75.785 30.948 75.187 30.956 C 74.205 30.973 73.29 30.797 72.442 30.43 C 71.606 30.074 70.891 29.483 70.382 28.728 C 69.859 27.96 69.597 26.996 69.597 25.835 Z M 89.44 31.093 C 87.552 31.093 85.925 30.689 84.56 29.879 C 83.205 29.061 82.156 27.914 81.416 26.436 C 80.684 24.951 80.318 23.211 80.318 21.216 C 80.318 19.247 80.684 17.51 81.416 16.008 C 82.156 14.506 83.188 13.334 84.511 12.49 C 85.842 11.647 87.397 11.226 89.177 11.226 C 90.259 11.226 91.307 11.406 92.322 11.764 C 93.342 12.126 94.274 12.703 95.055 13.454 C 95.862 14.222 96.498 15.22 96.964 16.446 C 97.43 17.665 97.663 19.146 97.663 20.89 L 97.663 22.218 L 82.427 22.218 L 82.427 19.413 L 94.007 19.413 C 94.007 18.429 93.807 17.557 93.408 16.797 C 93.025 16.047 92.441 15.418 91.723 14.982 C 91.008 14.54 90.167 14.318 89.202 14.318 C 88.154 14.318 87.239 14.577 86.457 15.094 C 85.693 15.592 85.074 16.283 84.661 17.098 C 84.243 17.923 84.029 18.838 84.036 19.764 L 84.036 21.955 C 84.036 23.24 84.261 24.334 84.711 25.235 C 85.168 26.136 85.804 26.825 86.62 27.301 C 87.434 27.768 88.388 28.001 89.477 28.001 C 90.184 28.001 90.829 27.901 91.411 27.701 C 91.974 27.504 92.489 27.188 92.921 26.775 C 93.356 26.35 93.688 25.832 93.894 25.26 L 97.425 25.899 C 97.152 26.925 96.629 27.867 95.903 28.64 C 95.18 29.416 94.269 30.021 93.171 30.455 C 92.081 30.881 90.837 31.094 89.44 31.094 Z M 110.447 30.781 L 101.388 30.781 L 101.388 5.141 L 110.522 5.141 C 113.092 5.141 115.305 5.655 117.16 6.682 C 119.015 7.7 120.442 9.165 121.44 11.076 C 122.447 12.987 122.95 15.274 122.95 17.936 C 122.95 20.607 122.447 22.902 121.44 24.822 C 120.442 26.741 119.007 28.215 117.135 29.241 C 115.272 30.268 113.042 30.781 110.447 30.781 Z M 106.791 26.136 L 110.222 26.136 C 111.82 26.136 113.163 25.853 114.253 25.285 C 115.351 24.709 116.175 23.821 116.724 22.619 C 117.281 21.409 117.56 19.848 117.56 17.936 C 117.56 16.041 117.281 14.494 116.724 13.291 C 116.175 12.09 115.355 11.206 114.265 10.638 C 113.175 10.07 111.832 9.786 110.235 9.786 L 106.791 9.786 Z M 148.327 5.142 L 148.327 30.781 L 143.661 30.781 L 132.542 14.644 L 132.355 14.644 L 132.355 30.781 L 126.952 30.781 L 126.952 5.141 L 131.694 5.141 L 142.724 21.266 L 142.949 21.266 L 142.949 5.142 Z M 157.196 30.781 L 151.406 30.781 L 160.228 5.141 L 167.191 5.141 L 176 30.781 L 170.21 30.781 L 163.809 11.001 L 163.609 11.001 Z M 156.834 20.703 L 170.51 20.703 L 170.51 24.935 L 156.834 24.935 Z" fill="transparent" height="36.0000012856041px" id="OzaoQi_6f" width="176px"><g d="M 3.66 35.076 C 3.66 34.566 8.3 34.152 14.024 34.152 C 19.747 34.152 24.387 34.566 24.387 35.076 C 24.387 35.586 19.747 36 14.024 36 C 8.3 36 3.66 35.586 3.66 35.076 Z M 14.006 0.001 C 21.742 0.001 28.013 6.292 28.013 14.053 C 28.013 21.815 21.01 28.106 14.006 35.133 C 7.003 28.107 0 21.814 0 14.054 C 0 6.293 6.271 0.001 14.006 0 Z M 14.009 8.998 C 11.213 9.045 8.971 11.333 8.971 14.139 C 8.971 16.945 11.213 19.233 14.009 19.28 C 16.839 19.279 19.133 16.978 19.133 14.139 C 19.132 11.3 16.839 8.999 14.009 8.998 Z M 5.124 14.381 C 5.124 9.481 9.084 5.508 13.968 5.508 C 18.852 5.508 22.812 9.481 22.812 14.381 C 22.812 19.282 18.852 23.254 13.968 23.254 C 9.084 23.254 5.124 19.282 5.124 14.381 Z M 19.487 10.541 L 18.198 9.246 C 18.108 9.159 17.965 9.159 17.875 9.246 L 12.44 14.7 C 12.35 14.787 12.207 14.787 12.118 14.7 L 10.828 13.406 C 10.738 13.318 10.596 13.318 10.506 13.406 L 9.216 14.7 C 9.129 14.79 9.129 14.933 9.216 15.023 L 12.118 17.934 C 12.207 18.022 12.35 18.022 12.44 17.934 L 19.487 10.864 C 19.575 10.774 19.575 10.63 19.487 10.541 Z" fill="transparent" height="36.0000012856041px" id="vGQIQ7I0N" width="28.013092823367117px"><path d="M 0 0.924 C 0 0.414 4.64 0 10.364 0 C 16.087 0 20.727 0.414 20.727 0.924 C 20.727 1.434 16.087 1.848 10.364 1.848 C 4.64 1.848 0 1.434 0 0.924 Z" fill="rgba(20, 32, 23, 0.12)" height="1.8478864174400371px" id="TNNC7VUAm" transform="translate(3.66 34.152)" width="20.727067966862535px"/><path d="M 14.006 0.001 C 21.742 0.001 28.013 6.292 28.013 14.053 C 28.013 21.815 21.01 28.106 14.006 35.133 C 7.003 28.107 0 21.814 0 14.054 C 0 6.293 6.271 0.001 14.006 0 Z M 14.009 8.998 C 11.213 9.045 8.971 11.333 8.971 14.139 C 8.971 16.945 11.213 19.233 14.009 19.28 C 16.839 19.279 19.133 16.978 19.133 14.139 C 19.132 11.3 16.839 8.999 14.009 8.998 Z" fill="rgb(0, 133, 34)" height="35.132610007251365px" id="hmLGGsk_B" width="28.013092823367117px"/><path d="M 0 8.873 C 0 3.973 3.96 0 8.844 0 C 13.728 0 17.688 3.973 17.688 8.873 C 17.688 13.773 13.728 17.746 8.844 17.746 C 3.96 17.746 0 13.773 0 8.873 Z" fill="rgb(255, 255, 255)" height="17.745879021536695px" id="Wnj9CZsUY" transform="translate(5.124 5.508)" width="17.68762507638951px"/><path d="M 10.337 1.36 L 9.047 0.066 C 8.957 -0.022 8.814 -0.022 8.725 0.066 L 3.289 5.519 C 3.2 5.607 3.057 5.607 2.967 5.519 L 1.678 4.225 C 1.588 4.137 1.445 4.137 1.355 4.225 L 0.066 5.519 C -0.022 5.609 -0.022 5.752 0.066 5.842 L 2.967 8.754 C 3.057 8.841 3.2 8.841 3.289 8.754 L 10.337 1.683 C 10.424 1.593 10.424 1.45 10.337 1.36 Z" fill="rgb(0, 133, 34)" height="8.819406613840842px" id="tqESU_zfH" transform="translate(9.151 9.181)" width="10.402414230233745px"/></g><path d="M 14.949 7.762 C 14.816 6.577 14.267 5.659 13.302 5.008 C 12.337 4.349 11.123 4.019 9.659 4.019 C 8.61 4.019 7.704 4.186 6.938 4.52 C 6.173 4.846 5.578 5.296 5.154 5.872 C 4.738 6.439 4.53 7.086 4.53 7.813 C 4.53 8.422 4.671 8.947 4.954 9.39 C 5.25 9.837 5.637 10.216 6.089 10.504 C 6.563 10.796 7.072 11.042 7.612 11.243 C 8.124 11.426 8.645 11.585 9.172 11.719 L 11.667 12.369 C 12.483 12.57 13.319 12.841 14.175 13.183 C 15.032 13.525 15.827 13.976 16.559 14.535 C 17.29 15.093 17.894 15.802 18.33 16.614 C 18.788 17.439 19.017 18.429 19.017 19.581 C 19.017 21.033 18.642 22.322 17.894 23.448 C 17.153 24.575 16.076 25.465 14.662 26.115 C 13.257 26.766 11.555 27.092 9.558 27.092 C 7.645 27.092 5.99 26.787 4.592 26.178 C 3.195 25.568 2.101 24.705 1.31 23.587 C 0.52 22.46 0.083 21.125 0 19.58 L 3.869 19.58 C 3.944 20.507 4.243 21.279 4.767 21.897 C 5.299 22.506 5.977 22.961 6.801 23.261 C 7.633 23.553 8.544 23.699 9.533 23.699 C 10.623 23.699 11.593 23.528 12.441 23.186 C 13.298 22.835 13.971 22.351 14.462 21.734 C 14.953 21.108 15.199 20.378 15.199 19.543 C 15.199 18.783 14.983 18.162 14.55 17.677 C 14.126 17.193 13.547 16.793 12.815 16.476 C 12.018 16.133 11.197 15.853 10.357 15.637 L 7.337 14.811 C 5.291 14.252 3.669 13.43 2.471 12.344 C 1.282 11.259 0.687 9.824 0.687 8.037 C 0.687 6.56 1.086 5.271 1.884 4.169 C 2.683 3.067 3.765 2.212 5.129 1.603 C 6.493 0.986 8.032 0.677 9.746 0.677 C 11.476 0.677 13.003 0.981 14.325 1.59 C 15.656 2.2 16.704 3.039 17.469 4.107 C 18.235 5.166 18.634 6.385 18.668 7.762 Z M 23.325 26.666 L 23.325 7.437 L 27.056 7.437 L 27.056 26.666 Z M 25.209 4.469 C 24.56 4.469 24.003 4.253 23.537 3.819 C 23.08 3.377 22.851 2.851 22.851 2.241 C 22.851 1.624 23.08 1.098 23.537 0.664 C 23.985 0.229 24.586 -0.01 25.209 0 C 25.858 0 26.411 0.221 26.869 0.664 C 27.334 1.098 27.567 1.623 27.567 2.241 C 27.567 2.851 27.334 3.377 26.869 3.819 C 26.411 4.253 25.858 4.469 25.209 4.469 Z M 41.021 7.437 L 41.021 10.441 L 30.553 10.441 L 30.553 7.437 L 41.021 7.437 Z M 33.361 2.829 L 37.091 2.829 L 37.091 21.02 C 37.091 21.747 37.199 22.292 37.415 22.66 C 37.632 23.02 37.91 23.265 38.251 23.399 C 38.601 23.523 38.98 23.587 39.388 23.587 C 39.687 23.587 39.949 23.565 40.173 23.524 C 40.398 23.482 40.573 23.448 40.697 23.424 L 41.371 26.516 C 41.155 26.599 40.847 26.683 40.448 26.766 C 40.049 26.858 39.549 26.909 38.951 26.917 C 37.969 26.933 37.054 26.758 36.205 26.391 C 35.37 26.034 34.655 25.443 34.146 24.688 C 33.623 23.92 33.361 22.956 33.361 21.796 Z M 53.203 27.054 C 51.315 27.054 49.689 26.65 48.324 25.84 C 46.969 25.022 45.92 23.874 45.18 22.397 C 44.448 20.912 44.082 19.171 44.082 17.177 C 44.082 15.207 44.448 13.471 45.18 11.969 C 45.92 10.466 46.952 9.294 48.275 8.451 C 49.605 7.608 51.161 7.186 52.941 7.186 C 54.023 7.186 55.071 7.366 56.086 7.725 C 57.106 8.087 58.038 8.663 58.819 9.415 C 59.626 10.183 60.262 11.18 60.728 12.407 C 61.194 13.626 61.426 15.107 61.426 16.851 L 61.426 18.178 L 46.191 18.178 L 46.191 15.374 L 57.771 15.374 C 57.771 14.39 57.571 13.517 57.172 12.757 C 56.789 12.007 56.205 11.379 55.487 10.942 C 54.771 10.5 53.931 10.278 52.966 10.278 C 51.918 10.278 51.003 10.538 50.221 11.055 C 49.457 11.553 48.838 12.244 48.425 13.058 C 48.007 13.884 47.793 14.798 47.8 15.724 L 47.8 17.915 C 47.8 19.2 48.025 20.294 48.474 21.195 C 48.932 22.096 49.568 22.785 50.384 23.261 C 51.198 23.728 52.151 23.962 53.241 23.962 C 53.948 23.962 54.593 23.862 55.175 23.661 C 55.738 23.465 56.253 23.149 56.685 22.735 C 57.119 22.311 57.452 21.793 57.658 21.22 L 61.189 21.859 C 60.916 22.885 60.393 23.828 59.667 24.601 C 58.943 25.376 58.033 25.982 56.935 26.416 C 55.845 26.842 54.601 27.055 53.203 27.055 Z" fill="rgb(32, 43, 35)" height="27.09212363599378px" id="e8G5N3IY9" transform="translate(36.236 4.039)" width="61.426465447526994px"/><path d="M 9.059 25.64 L 0 25.64 L 0 0 L 9.134 0 C 11.704 0 13.917 0.514 15.772 1.541 C 17.627 2.559 19.054 4.023 20.052 5.934 C 21.059 7.846 21.562 10.133 21.562 12.795 C 21.562 15.466 21.059 17.761 20.052 19.68 C 19.054 21.6 17.619 23.074 15.747 24.1 C 13.884 25.126 11.654 25.64 9.059 25.64 Z M 5.403 20.995 L 8.834 20.995 C 10.432 20.995 11.775 20.712 12.865 20.144 C 13.963 19.568 14.787 18.679 15.336 17.478 C 15.893 16.267 16.172 14.707 16.172 12.795 C 16.172 10.9 15.893 9.353 15.336 8.15 C 14.787 6.949 13.967 6.064 12.877 5.497 C 11.787 4.929 10.444 4.645 8.847 4.645 L 5.403 4.645 Z M 46.939 0.001 L 46.939 25.64 L 42.273 25.64 L 31.154 9.502 L 30.967 9.502 L 30.967 25.64 L 25.564 25.64 L 25.564 0 L 30.306 0 L 41.336 16.125 L 41.561 16.125 L 41.561 0.001 Z M 55.808 25.64 L 50.018 25.64 L 58.84 0 L 65.803 0 L 74.612 25.64 L 68.822 25.64 L 62.421 5.859 L 62.221 5.859 Z M 55.446 15.562 L 69.122 15.562 L 69.122 19.794 L 55.446 19.794 Z" fill="rgb(0, 133, 34)" height="25.639791269011077px" id="lWYN7_Iar" transform="translate(101.388 5.141)" width="74.61203010926135px"/></g></svg>)
Effective Date: January 16, 2026
Effective Date: January 16, 2026
Data Processing Addendum (DPA)
This Data Processing Addendum ("DPA") applies to Hypha Dynamics Inc. ("SiteDNA," "Company," or "Processor") processing Customer Personal Information on behalf of the customer entity ("Customer" or "Controller") in connection with SiteDNA’s Services under the SiteDNA Terms of Use (the "Agreement").
This DPA is intended to satisfy requirements applicable to processors and service providers under U.S. state privacy laws (including the California Consumer Privacy Act as amended by the CPRA) and similar laws, where applicable.
This Data Processing Addendum ("DPA") applies to Hypha Dynamics Inc. ("SiteDNA," "Company," or "Processor") processing Customer Personal Information on behalf of the customer entity ("Customer" or "Controller") in connection with SiteDNA’s Services under the SiteDNA Terms of Use (the "Agreement").
This DPA is intended to satisfy requirements applicable to processors and service providers under U.S. state privacy laws (including the California Consumer Privacy Act as amended by the CPRA) and similar laws, where applicable.
1. Definitions
This Privacy Policy applies when you:
Visit our website
Create an account or use the Service
Communicate with us (for example, by email or through online chat)
The Service is intended for business use and is not directed to children. You must be at least 18 years old to create an account and use the Service. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a user under 18, we will take steps to delete that information promptly.
This Privacy Policy applies when you:
Visit our website
Create an account or use the Service
Communicate with us (for example, by email or through online chat)
The Service is intended for business use and is not directed to children. You must be at least 18 years old to create an account and use the Service. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a user under 18, we will take steps to delete that information promptly.
2. Roles of the Parties
The parties agree that:
Customer is the Controller of Customer Personal Information.
SiteDNA is the Processor of Customer Personal Information.
The parties agree that:
Customer is the Controller of Customer Personal Information.
SiteDNA is the Processor of Customer Personal Information.
3. Processing Details and Customer Instructions
3.1 Subject Matter and Purpose
Processor will process Customer Personal Information to provide, maintain, secure, support, and improve the Services, including:
Account provisioning and authentication
Hosting Customer Content and operational data
Customer support (including chat support tools)
Product analytics and service performance
Security monitoring and fraud prevention
3.2 Duration
Processing will continue for the term of the Agreement and any period thereafter as necessary to comply with legal obligations and permitted retention.
3.3 Customer Instructions
This DPA and the Agreement constitute Customer’s documented instructions. Customer may provide additional written instructions that are consistent with the Agreement and this DPA.
Customer will not instruct Processor to process Customer Personal Information in a way that violates Data Protection Laws.
3.1 Subject Matter and Purpose
Processor will process Customer Personal Information to provide, maintain, secure, support, and improve the Services, including:
Account provisioning and authentication
Hosting Customer Content and operational data
Customer support (including chat support tools)
Product analytics and service performance
Security monitoring and fraud prevention
3.2 Duration
Processing will continue for the term of the Agreement and any period thereafter as necessary to comply with legal obligations and permitted retention.
3.3 Customer Instructions
This DPA and the Agreement constitute Customer’s documented instructions. Customer may provide additional written instructions that are consistent with the Agreement and this DPA.
Customer will not instruct Processor to process Customer Personal Information in a way that violates Data Protection Laws.
4. Processor Obligations
Processor will:
Process Customer Personal Information only for the purposes described in this DPA and the Agreement
Implement and maintain appropriate technical and organizational measures to protect Customer Personal Information
Ensure Personnel with access to Customer Personal Information are bound by confidentiality obligations
Notify Customer if Processor reasonably believes Customer’s instructions violate applicable Data Protection Laws
4.1 Service Provider Restrictions (U.S. State Privacy Laws)
To the extent applicable under Data Protection Laws, Processor will not:
Sell Customer Personal Information
Share Customer Personal Information for cross-context behavioral advertising
Retain, use, or disclose Customer Personal Information for any purpose other than providing the Services and other permitted business purposes described in this DPA and the Agreement
Retain, use, or disclose Customer Personal Information outside of the direct business relationship between the parties
Combine Customer Personal Information received from Customer with personal information received from other sources, except as permitted by Data Protection Laws (for example, to prevent fraud or ensure security)
Re-identify de-identified or aggregated data
Processor may use Customer Personal Information in aggregated or de-identified form to the extent permitted by the Agreement and Data Protection Laws and will not attempt to re-identify such data.
Processor will:
Process Customer Personal Information only for the purposes described in this DPA and the Agreement
Implement and maintain appropriate technical and organizational measures to protect Customer Personal Information
Ensure Personnel with access to Customer Personal Information are bound by confidentiality obligations
Notify Customer if Processor reasonably believes Customer’s instructions violate applicable Data Protection Laws
4.1 Service Provider Restrictions (U.S. State Privacy Laws)
To the extent applicable under Data Protection Laws, Processor will not:
Sell Customer Personal Information
Share Customer Personal Information for cross-context behavioral advertising
Retain, use, or disclose Customer Personal Information for any purpose other than providing the Services and other permitted business purposes described in this DPA and the Agreement
Retain, use, or disclose Customer Personal Information outside of the direct business relationship between the parties
Combine Customer Personal Information received from Customer with personal information received from other sources, except as permitted by Data Protection Laws (for example, to prevent fraud or ensure security)
Re-identify de-identified or aggregated data
Processor may use Customer Personal Information in aggregated or de-identified form to the extent permitted by the Agreement and Data Protection Laws and will not attempt to re-identify such data.
5. Data Subject Requests
5.1 Handling of Requests
If Processor receives a Data Subject Request relating to Customer Personal Information:
Processor will notify Customer without undue delay, unless legally prohibited.
Processor will not respond substantively to the Data Subject except to direct the Data Subject to Customer, unless required by law.
5.2 Assistance
If Customer cannot fulfill a Data Subject Request using features or controls available in the Services, Processor will provide reasonable assistance upon written request, to the extent required by Data Protection Laws.
5.1 Handling of Requests
If Processor receives a Data Subject Request relating to Customer Personal Information:
Processor will notify Customer without undue delay, unless legally prohibited.
Processor will not respond substantively to the Data Subject except to direct the Data Subject to Customer, unless required by law.
5.2 Assistance
If Customer cannot fulfill a Data Subject Request using features or controls available in the Services, Processor will provide reasonable assistance upon written request, to the extent required by Data Protection Laws.
6. Subprocessors
6.1 Authorization
Customer provides a general authorization for Processor to engage Subprocessors.
6.2 Notice and Objections
Processor may update the list in Appendix C at least 10 days in advance of the Subprocessor Processing Customer Personal Information. If Customer has a good-faith basis to object to a new Subprocessor, Customer may provide a written objection within the notice period. The parties will work in good faith to resolve the objection.
6.3 Flow-Down Terms
Processor will enter into a written agreement with Subprocessors requiring them to protect Customer Personal Information in a manner consistent with this DPA.
6.1 Authorization
Customer provides a general authorization for Processor to engage Subprocessors.
6.2 Notice and Objections
Processor may update the list in Appendix C at least 10 days in advance of the Subprocessor Processing Customer Personal Information. If Customer has a good-faith basis to object to a new Subprocessor, Customer may provide a written objection within the notice period. The parties will work in good faith to resolve the objection.
6.3 Flow-Down Terms
Processor will enter into a written agreement with Subprocessors requiring them to protect Customer Personal Information in a manner consistent with this DPA.
7. Security and Security Incidents
7.1 Security Measures
Processor will maintain appropriate technical and organizational measures designed to protect Customer Personal Information against Security Incidents. A high-level summary is provided in Appendix B.
7.2 Security Incident Notice
Processor will notify Customer without undue delay, and in any event within 72 hours, after becoming aware of a Security Incident and provide reasonable information available at the time, including the nature of the incident and steps taken or planned to mitigate it. Processor will provide additional information as it becomes available. This notification obligation does not apply to incidents caused by Customer or its authorized users.
7.1 Security Measures
Processor will maintain appropriate technical and organizational measures designed to protect Customer Personal Information against Security Incidents. A high-level summary is provided in Appendix B.
7.2 Security Incident Notice
Processor will notify Customer without undue delay, and in any event within 72 hours, after becoming aware of a Security Incident and provide reasonable information available at the time, including the nature of the incident and steps taken or planned to mitigate it. Processor will provide additional information as it becomes available. This notification obligation does not apply to incidents caused by Customer or its authorized users.
8. Audits and Assessments
Upon written request, Processor will:
Provide reasonable responses to Customer’s security questionnaire no more than once per year, and
Provide available security documentation reasonably necessary for Customer’s compliance reviews, subject to confidentiality obligations.
Upon request, Processor will provide information about its security certifications and independent assessments, if any.
Upon written request, Processor will:
Provide reasonable responses to Customer’s security questionnaire no more than once per year, and
Provide available security documentation reasonably necessary for Customer’s compliance reviews, subject to confidentiality obligations.
Upon request, Processor will provide information about its security certifications and independent assessments, if any.
9. Deletion and Return of Customer Personal Information
Within 30 days after expiration or termination of the Agreement, Customer may request in writing that Processor delete Customer Personal Information processed on behalf of Customer.
Upon request, Processor will confirm deletion in writing. Processor may retain information as required to comply with legal obligations or as otherwise permitted under Data Protection Laws.
If Customer does not request deletion within 30 days after termination, Processor will delete Customer Personal Information in accordance with its standard data retention practices as described in the Privacy Policy, except as required by law or permitted under Data Protection Laws.
Within 30 days after expiration or termination of the Agreement, Customer may request in writing that Processor delete Customer Personal Information processed on behalf of Customer.
Upon request, Processor will confirm deletion in writing. Processor may retain information as required to comply with legal obligations or as otherwise permitted under Data Protection Laws.
If Customer does not request deletion within 30 days after termination, Processor will delete Customer Personal Information in accordance with its standard data retention practices as described in the Privacy Policy, except as required by law or permitted under Data Protection Laws.
10. International Transfers
The parties acknowledge that Customer Personal Information may be processed in the United States.
If Customer requires transfer mechanisms for personal data originating from the EEA, UK, or Switzerland (for example, Standard Contractual Clauses), the parties may enter into an addendum or incorporate appropriate transfer terms upon request.
The parties acknowledge that Customer Personal Information may be processed in the United States.
If Customer requires transfer mechanisms for personal data originating from the EEA, UK, or Switzerland (for example, Standard Contractual Clauses), the parties may enter into an addendum or incorporate appropriate transfer terms upon request.
11. Liability
Each party’s liability arising out of or related to this DPA is subject to the limitation of liability provisions in the Agreement.
Each party’s liability arising out of or related to this DPA is subject to the limitation of liability provisions in the Agreement.
12. Term; Order of Precedence
This DPA is effective as of the Effective Date of the Agreement and continues until the Agreement terminates.
If there is a conflict between this DPA and the Agreement regarding processing of Customer Personal Information, this DPA controls.
Appendix A: Description of Processing
Categories of Data Subjects: Customer authorized users; Customer’s end customers/clients and contacts to the extent included in Customer Content.
Categories of Personal Information: Contact and account identifiers; subscription and billing metadata (excluding full card data); in-product content and operational data (including photos and related metadata); usage and device information; IP-based approximate location; support communications.
Sensitive Data: Customer agrees not to submit sensitive personal information (such as health information, financial account numbers, government identifiers, or information revealing racial or ethnic origin, religious beliefs, or sexual orientation) unless expressly permitted under the Agreement and required for the Services. If Customer submits sensitive personal information, Customer is solely responsible for ensuring such submission complies with applicable Data Protection Laws. If precise geolocation is enabled, location data may be processed.
Frequency: Continuous during the term of the Agreement.
Purpose: Providing, maintaining, supporting, securing, and improving the Services.
Appendix B: High-Level Security Measures
Processor maintains a security program designed to protect Customer Personal Information, which may include:
Access controls and least-privilege permissions
Encryption in transit (TLS) and encryption at rest
Logging and monitoring for suspicious activity
Backup and recovery practices
Vendor due diligence and contractual protections with Subprocessors
Incident response procedures
Processor may update security measures over time, provided that updates do not materially reduce overall protections.
Appendix C: Subprocessors
Processor’s Subprocessors may include:
Amazon Web Services (AWS) – Hosting and cloud infrastructure – United States
Stripe – Payment processing – United States
Intercom – Customer support chat and messaging – United States
Mixpanel – Product analytics – United States
HubSpot – CRM and marketing communications – United States
This DPA is effective as of the Effective Date of the Agreement and continues until the Agreement terminates.
If there is a conflict between this DPA and the Agreement regarding processing of Customer Personal Information, this DPA controls.
Appendix A: Description of Processing
Categories of Data Subjects: Customer authorized users; Customer’s end customers/clients and contacts to the extent included in Customer Content.
Categories of Personal Information: Contact and account identifiers; subscription and billing metadata (excluding full card data); in-product content and operational data (including photos and related metadata); usage and device information; IP-based approximate location; support communications.
Sensitive Data: Customer agrees not to submit sensitive personal information (such as health information, financial account numbers, government identifiers, or information revealing racial or ethnic origin, religious beliefs, or sexual orientation) unless expressly permitted under the Agreement and required for the Services. If Customer submits sensitive personal information, Customer is solely responsible for ensuring such submission complies with applicable Data Protection Laws. If precise geolocation is enabled, location data may be processed.
Frequency: Continuous during the term of the Agreement.
Purpose: Providing, maintaining, supporting, securing, and improving the Services.
Appendix B: High-Level Security Measures
Processor maintains a security program designed to protect Customer Personal Information, which may include:
Access controls and least-privilege permissions
Encryption in transit (TLS) and encryption at rest
Logging and monitoring for suspicious activity
Backup and recovery practices
Vendor due diligence and contractual protections with Subprocessors
Incident response procedures
Processor may update security measures over time, provided that updates do not materially reduce overall protections.
Appendix C: Subprocessors
Processor’s Subprocessors may include:
Amazon Web Services (AWS) – Hosting and cloud infrastructure – United States
Stripe – Payment processing – United States
Intercom – Customer support chat and messaging – United States
Mixpanel – Product analytics – United States
HubSpot – CRM and marketing communications – United States