Placeholder copy. Replace with your final DPA before going live. The structure below tracks GDPR Article 28 and the EU Standard Contractual Clauses; confirm with counsel.
1. Scope
This addendum applies when FunnelTrack processes personal data on behalf of the customer (the "controller") in connection with the FunnelTrack service.
2. Roles
Customer is the controller; FunnelTrack is the processor.
3. Processing details
- Subject matter: server-side conversion event routing.
- Categories of data subjects: customer's end users.
- Categories of data: identifiers, conversion event metadata, hashed PII.
- Duration: term of the agreement.
4. Sub-processors
Current sub-processors include Google Cloud Platform (infrastructure), Netlify (marketing site hosting), and Resend (transactional email). The up-to-date list is published on this page.
5. International transfers
Where applicable, transfers rely on the EU Standard Contractual Clauses and supplementary measures.
6. Security
We implement appropriate technical and organizational measures: encryption in transit and at rest, least-privilege access, regular audits.
7. Contact
Questions? Email dpa@funneltrack.com.