Data Processing Addendum
Data Processing Addendum
1. Role of the Parties
This Data Processing Addendum ("DPA") forms part of the Terms of Service between AlpacaRelay LLC ("Processor") and the customer entity ("Customer") and applies where AlpacaRelay processes personal data on Customer's behalf.
Customer is the Data Controller
AlpacaRelay is the Data Processor
Customer is the Data Controller
AlpacaRelay is the Data Processor
2. Scope of Processing
2.1 Subject Matter
Provision of the Service, including AI-based generation of email marketing templates and related content.
2.2 Duration
For the duration of Customer's use of the Service.
2.3 Nature and Purpose
Processing personal data to:
Provide, operate, and support the Service
Generate Outputs
Improve and enhance models and services
Provide customer support
Maintain security and reliability
2.4 Types of Personal Data
Account and contact information
Usage data
Inputs submitted to the Service
Outputs generated by the Service (to the extent they contain personal data)
2.5 Categories of Data Subjects
Customer users
Customer's end customers or contacts (as included in Inputs)
Provision of the Service, including AI-based generation of email marketing templates and related content.
2.2 Duration
For the duration of Customer's use of the Service.
2.3 Nature and Purpose
Processing personal data to:
Provide, operate, and support the Service
Generate Outputs
Improve and enhance models and services
Provide customer support
Maintain security and reliability
2.4 Types of Personal Data
Account and contact information
Usage data
Inputs submitted to the Service
Outputs generated by the Service (to the extent they contain personal data)
2.5 Categories of Data Subjects
Customer users
Customer's end customers or contacts (as included in Inputs)
3. Processor Obligations
AlpacaRelay shall:
Process personal data in accordance with Customer's documented instructions, as set forth in this DPA, the Terms of Service, the Privacy Policy, and as necessary to provide and operate the Service, unless otherwise required by applicable law.
Implement reasonable security measures
Ensure personnel are subject to confidentiality obligations
Assist with data subject requests where applicable
Notify Customer of personal data breaches without undue delay
Upon termination of the Service, AlpacaRelay will delete or return personal data to the extent reasonably practicable, subject to applicable legal, regulatory, security, backup, and operational requirements. AlpacaRelay may retain anonymized or aggregated data and data maintained in backups or logs in accordance with its standard retention practices.
Process personal data in accordance with Customer's documented instructions, as set forth in this DPA, the Terms of Service, the Privacy Policy, and as necessary to provide and operate the Service, unless otherwise required by applicable law.
Implement reasonable security measures
Ensure personnel are subject to confidentiality obligations
Assist with data subject requests where applicable
Notify Customer of personal data breaches without undue delay
Upon termination of the Service, AlpacaRelay will delete or return personal data to the extent reasonably practicable, subject to applicable legal, regulatory, security, backup, and operational requirements. AlpacaRelay may retain anonymized or aggregated data and data maintained in backups or logs in accordance with its standard retention practices.
4. Subprocessors
Customer authorizes AlpacaRelay to engage subprocessors, including:
Cloud hosting providers
Payment processors (e.g., Stripe)
Analytics and monitoring providers
AlpacaRelay remains responsible for subprocessors' compliance with this DPA.
Cloud hosting providers
Payment processors (e.g., Stripe)
Analytics and monitoring providers
AlpacaRelay remains responsible for subprocessors' compliance with this DPA.
5. International Transfers
Where personal data is transferred internationally, AlpacaRelay will implement appropriate safeguards as required by applicable law.
6. Security Measures
AlpacaRelay maintains reasonable technical and organizational measures, including:
Access controls
Encryption in transit
Segregation of production systems
Incident response procedures
Access controls
Encryption in transit
Segregation of production systems
Incident response procedures
7. Liability
Liability under this DPA is subject to the limitations of liability set forth in the Terms of Service.
8. Governing Law
This DPA is governed by the laws of the State of New Hampshire, without regard to conflict of laws principles.
Create your first email today
Bring your ideas to life with AI — it's faster and easier than you think
🎉 No credit card required