This Data Processing Addendum (“DPA”) forms part of the agreement between PirateSERP (“Processor,” “we,” “us”) and the customer (“Controller,” “you”) and applies only to the extent PirateSERP processes Personal Data on behalf of the Controller in providing the Service.

1. Roles

• Controller determines purposes and means of processing.
• PirateSERP acts as Processor and processes data on documented instructions.

2. Processing Details

2.1 Subject Matter

Processing of Personal Data as required to provide, maintain, and support the Service.

2.2 Duration

For the term of the Controller’s use of the Service, plus reasonable deletion/retention periods.

2.3 Nature and Purpose

• Account provisioning and authentication
• Subscription and billing management
• Customer support and communications
• Security monitoring and fraud prevention

3. Data Subjects and Categories

May include Controller’s users, customers, prospects, and authorized users. Personal Data may include names, email addresses, IP addresses, login data, billing metadata, and usage data.

4. Processor Obligations

• Process Personal Data only on documented instructions.
• Maintain confidentiality obligations for personnel.
• Implement appropriate security measures.
• Assist with data subject requests where applicable.

5. Sub-processors

Controller authorizes sub-processors necessary to provide the Service (e.g., hosting, email delivery, payment processing such as Stripe, analytics). We remain responsible for sub-processor performance under this DPA.

6. International Transfers

Where data is transferred outside the EU/EEA, we rely on appropriate safeguards (including Standard Contractual Clauses where applicable).

7. Personal Data Breach

We will notify the Controller without undue delay after becoming aware of a confirmed personal data breach affecting data processed under this DPA and provide reasonably available details.

8. Deletion / Return

Upon termination, we will delete or anonymize Personal Data within a reasonable time unless retention is required by law.

9. Audits

Audit rights are limited to reasonable requests, no more than once annually, and must not unreasonably disrupt operations. On-site audits require prior written agreement.

10. Liability and Governing Law

Liability is subject to the limitations in the Terms of Service. This DPA is governed by the laws of the State of California.