Data Processing Addendum

Effective Date: March 5, 2026

This Data Processing Addendum ("DPA") forms part of the Terms of Service between SDDL Solutions, LLC ("Company") and the Customer.

This DPA governs the processing of personal data by the Company on behalf of the Customer when providing the Service.

1. Roles of the Parties

For purposes of applicable data protection laws:

  • Customer acts as the data controller.
  • Company acts as the data processor.

Customer determines the purposes and means of processing personal data submitted to the Service.

2. Processing Purpose

Company processes personal data solely for the purpose of providing and operating the Service in accordance with the Terms of Service and Customer instructions.

Processing may include storage, analysis, transmission, and deletion of personal data as required to operate the Service.

3. Processing Instructions

Company will process personal data only in accordance with:

  • the Terms of Service
  • this Data Processing Addendum
  • documented instructions provided by the Customer

4. Confidentiality

Company ensures that personnel authorized to process personal data are subject to appropriate confidentiality obligations.

5. Security Measures

Company implements reasonable technical and organizational safeguards designed to protect personal data, including measures such as:

  • access controls and authentication
  • monitoring and logging of system activity
  • infrastructure security controls
  • encryption where appropriate
  • incident detection and response procedures

6. Subprocessors

Company may engage subprocessors to assist in providing the Service.

Subprocessors may include infrastructure providers, payment processors, monitoring providers, communication providers, and artificial intelligence service providers.

A current list of subprocessors may include:

  • Heroku
  • Stripe
  • Postmark
  • AWS
  • GitHub
  • imgbb
  • Bugsnag
  • Anthropic
  • OpenAI
  • Cloudflare
  • jsDelivr

Subprocessors may change from time to time as the Service evolves.

7. Data Subject Requests

If the Company receives a request from an individual regarding access, correction, or deletion of personal data processed on behalf of the Customer, the Company will notify the Customer where appropriate and provide reasonable assistance in responding to such requests.

8. Data Breach Notification

Company will notify the Customer without undue delay upon becoming aware of a confirmed security breach affecting personal data processed on behalf of the Customer.

9. Data Retention and Deletion

Upon termination of the Service, personal data will be retained and deleted in accordance with the data retention provisions described in the Terms of Service.

Upon request, the Customer may export or retrieve Customer Data prior to deletion.

10. International Data Transfers

The Service is operated in the United States.

By using the Service, Customer acknowledges that personal data may be transferred to and processed in the United States.

11. Liability

Liability arising under this DPA is subject to the limitations and exclusions of liability set forth in the Terms of Service.