Data Processing Agreement
Effective Date: January 1, 2026
Table of Contents
1Definitions
This Data Processing Agreement ("DPA") forms part of the agreement between goTether Platform, LLC ("Processor") and business customers ("Controller") for the provision of services. This DPA applies to processing governed by GDPR, UK GDPR, and similar data protection laws.
- Personal Data: Information about identified or identifiable individuals
- Processing: Any operation performed on Personal Data
- Controller: Entity determining processing purposes and methods
- Processor: Entity processing data on Controller's behalf
- Sub-processor: Third parties engaged by Processor for processing
- Data Subject: Individual whose Personal Data is processed
2Scope of Processing
Subject Matter
goTether platform services for creator and agency management.
Duration
The term of the service agreement.
Purpose
Creator management, analytics, and agency services.
Types of Personal Data
- Contact information (name, email, phone)
- Account credentials
- Profile information
- Usage data and analytics
- User-uploaded content
- Communication records
Categories of Data Subjects
- Agency employees and staff
- Managed creators
- Recruits and applicants
3Processor Obligations
goTether commits to:
- Process Personal Data only per documented Controller instructions
- Ensure authorized personnel maintain confidentiality
- Implement appropriate technical and organizational security measures (Article 32)
- Not engage sub-processors without prior authorization
- Assist with data subject rights requests
- Notify Controller of data breaches without undue delay
- Delete or return Personal Data upon service termination
- Provide compliance documentation upon request
4Sub-processors
The following categories of sub-processors are authorized:
- Cloud Infrastructure: Vercel, Supabase
- Payment Processing: Stripe
- Communications: Twilio (SMS), email providers
- Analytics: Sentry (error tracking)
Change Protocol
We will provide 14 days' notice before adding new sub-processors. Controllers may object during the notice period. If an objection cannot be resolved, either party may terminate the affected services.
5International Transfers
Data transfers to the United States are protected through:
- EU Standard Contractual Clauses (SCCs)
- UK Addendum to the SCCs
- Supplementary measures based on transfer impact assessments
SCCs will be executed upon request from the Controller.
6Security Measures
We implement comprehensive security measures including:
- TLS encryption in transit and encryption at rest
- Access controls and multi-factor authentication
- Regular security assessments and penetration testing
- Incident response procedures
- Employee security training
- Physical data center security via cloud providers
- Backup and disaster recovery procedures
7Data Subject Rights
goTether assists Controllers with fulfilling data subject requests, including:
- Access requests (Art. 15)
- Rectification requests (Art. 16)
- Erasure requests (Art. 17)
- Restriction requests (Art. 18)
- Data portability requests (Art. 20)
- Objection to processing (Art. 21)
Contact privacy@gotether.app to initiate assistance with data subject requests.
8Audit Rights
Upon reasonable request, goTether will:
- Provide documentation demonstrating compliance
- Contribute to audits conducted by the Controller or authorized auditors
Audit Requirements
- Minimum 30 days advance notice
- Conducted during standard business hours
- Controller bears audit costs
- Third-party certifications may satisfy audit requirements
9Term and Termination
This DPA is effective for the duration of the service agreement. Upon termination:
- Personal Data will be deleted or returned within 30 days
- Retention may continue where required by law
- Certification of deletion provided upon request
10Contact Information
For DPA-related inquiries:
goTether Platform, LLC
1 Galleria Blvd Suite 1900
Metairie, LA 70001
Privacy: privacy@gotether.app
Legal: legal@gotether.app