Legal
Data Processing Agreement
Last updated April 14, 2026
Data Processing Agreement (DPA)
Last Updated: May 20, 2026
This Data Processing Agreement (“DPA”) forms part of the GEOGrow Terms of Service and applies to the extent that GEOGrow processes personal data on behalf of the Customer.
1. Roles of the Parties
- Customer acts as the Data Controller.
- GEOGrow (GEOGrow Labs Inc.) acts as the Data Processor.
- GEOGrow processes personal data only on behalf of and in accordance with the Customer’s instructions.
2. Scope of Processing
GEOGrow processes personal data solely for the purpose of:
- Providing and maintaining the Service.
- Supporting customer use of the platform.
- Improving functionality in aggregated and anonymized form.
GEOGrow does not process personal data for its own independent purposes.
3. Categories of Data
Depending on usage, personal data may include:
- Account information (name, email, company).
- Usage data (activity within the platform).
- Customer-provided content, proprietary prompts, or data inputs.
Sensitive personal data should not be submitted unless explicitly agreed in writing or processed via designated secure pathways.
4. Security Measures
GEOGrow implements appropriate technical and organizational safeguards, including:
- Encryption of data in transit (HTTPS/TLS 1.3) and at rest.
- Access controls and strict authentication safeguards.
- System monitoring and isolated environment logging.
- Regular review of security practices and compliance frameworks.
5. Subprocessors and AI Infrastructure
GEOGrow engages trusted third-party infrastructure and Artificial Intelligence (AI) subprocessors to support the Service, provide analytical intelligence, and execute core platform features.
- Authorized AI Subprocessors: The platform integrates the enterprise application programming interfaces (APIs) of Google LLC (Gemini Flash) and OpenAI LLC (ChatGPT).
- Zero Data Retention (ZDR) Enforceability: All data routed through these AI subprocessors is transmitted exclusively via stateless API endpoints. GEOGrow explicitly configures these pipelines to enforce a strict Zero Data Retention protocol (including, but not limited to, setting store: false or utilizing approved zero-retention infrastructure toggles).
- Data Isolation and Training Exclusion: Content and inputs processed by these subprocessors are handled entirely in volatile memory (RAM) for immediate output generation. Under no circumstances is Customer data written to persistent storage by the subprocessor, used for abuse logging retention, or utilized to train, retrain, or improve public or proprietary foundational models.
- Compliance Standards: All subprocessors are legally and contractually required to maintain data protection standards no less restrictive than those outlined in this DPA. GEOGrow remains responsible for subprocessors' compliance within the scope of these service boundaries.
6. Data Subject Rights
To the extent required by applicable law, GEOGrow will assist the Customer in responding to data subject requests, including:
- Access to personal data.
- Correction or deletion of data.
- Data portability requests.
Such assistance will be provided within a reasonable timeframe.
7. Data Breach Notification
In the event of a confirmed data breach affecting Customer personal data, GEOGrow will:
- Notify the Customer without undue delay.
- Provide relevant information regarding the nature and scope of the breach.
- Take reasonable steps to mitigate and remediate the issue.
8. Data Retention and Deletion
GEOGrow retains personal data only as long as necessary to provide the Service and comply with legal obligations. Upon termination of the Service:
- Customer data may be deleted within a reasonable period.
- Residual copies may remain in secure backups for a limited time.
- Data will not be actively processed after termination.
As noted in Section 5, customer content transmitted to authorized AI subprocessors is never subject to data retention periods and is immediately dropped post-execution.
9. International Data Transfers
Customer data may be processed in the United States and other jurisdictions where GEOGrow or its subprocessors operate. Where required, GEOGrow will implement appropriate standard contractual clauses or authorized safeguards for cross-border data transfers.
10. Audit and Compliance
GEOGrow will maintain reasonable documentation of its data protection practices. Formal audits or detailed security reviews may be provided only under a separate written agreement.
11. Limitation of Liability
This DPA is subject to the limitations of liability set forth in the GEOGrow Terms of Service.
12. Updates
GEOGrow may update this DPA from time to time to maintain compliance with changing privacy laws or architectural integrations. Continued use of the Service constitutes acceptance of any updates.
Questions about this policy? Contact LetsGrow@GEOGrow.ai.