Data Processing Agreement

Data Processing Agreement (DPA)

Last Updated: April 13, 2026

This Data Processing Agreement (“DPA”) forms part of the GEOGrow Terms of Service and applies to the extent that GEOGrow processes personal data on behalf of the Customer.

1. Roles of the Parties

• Customer acts as the Data Controller
• GEOGrow (Stuff That Spins LLC) acts as the Data Processor

GEOGrow processes personal data only on behalf of and in accordance with the Customer’s instructions.

2. Scope of Processing

GEOGrow processes personal data solely for the purpose of:

• Providing and maintaining the Service
• Supporting customer use of the platform
• Improving functionality in aggregated and anonymized form

GEOGrow does not process personal data for its own independent purposes.

3. Categories of Data

Depending on usage, personal data may include:

• Account information (name, email, company)
• Usage data (activity within the platform)
• Customer-provided content or inputs

Sensitive personal data should not be submitted unless explicitly agreed in writing.

4. Security Measures

GEOGrow implements appropriate technical and organizational safeguards, including:

• Encryption of data in transit (HTTPS/TLS)
• Access controls and authentication safeguards
• System monitoring and logging
• Regular review of security practices

5. Subprocessors

GEOGrow may engage trusted subprocessors to support the Service (e.g., hosting, analytics, infrastructure providers).

• All subprocessors are required to maintain appropriate data protection standards
• A current list of subprocessors is available upon request
• GEOGrow remains responsible for subprocessors’ compliance with this DPA

6. Data Subject Rights

To the extent required by applicable law, GEOGrow will assist the Customer in responding to data subject requests, including:

• Access to personal data
• Correction or deletion of data
• Data portability requests

Such assistance will be provided within a reasonable timeframe.

7. Data Breach Notification

In the event of a confirmed data breach affecting Customer personal data, GEOGrow will:

• Notify the Customer without undue delay
• Provide relevant information regarding the nature and scope of the breach
• Take reasonable steps to mitigate and remediate the issue

8. Data Retention and Deletion

GEOGrow retains personal data only as long as necessary to provide the Service and comply with legal obligations.

Upon termination of the Service:

• Customer data may be deleted within a reasonable period
• Residual copies may remain in backups for a limited time
• Data will not be actively processed after termination

9. International Data Transfers

Customer data may be processed in the United States and other jurisdictions where GEOGrow or its subprocessors operate.

Where required, GEOGrow will implement appropriate safeguards for cross-border data transfers.

10. Audit and Compliance

GEOGrow will maintain reasonable documentation of its data protection practices.

Formal audits or detailed security reviews may be provided only under a separate written agreement.

11. Limitation of Liability

This DPA is subject to the limitations of liability set forth in the GEOGrow Terms of Service.

12. Updates

GEOGrow may update this DPA from time to time. Continued use of the Service constitutes acceptance of any updates.