Data Processing Agreement

This Data Processing Agreement (the "DPA"), entered into by the Contentpup customer identified on the applicable Contentpup ordering document for Contentpup services ("Customer") and Contentpup, governs the processing of personal data that Customer uploads or otherwise provides Contentpup in connection with the services and the processing of any personal data that Contentpup uploads or otherwise provides to Customer in connection with the services.

1. Definitions

"Customer Personal Data" means Personal Data that Customer uploads or otherwise provides Contentpup in connection with its use of Contentpup's services or for which Customer is otherwise a data controller. This includes data from social media platforms such as Instagram, TikTok, Twitter (X), Facebook, Threads, LinkedIn, and other supported platforms.

"Data Controller" means Customer.

"Data Processor" means Contentpup.

"Data Protection Requirements" means the Directive, the General Data Protection Regulation, Local Data Protection Laws, any subordinate legislation and regulation implementing the General Data Protection Regulation, and all Privacy Laws.

"Directive" means the EU Data Protection Directive 95/46/EC.

"EU Personal Data" means Personal Data the sharing of which pursuant to this Agreement is regulated by the Directive, the General Data Protection Regulation and Local Data Protection Laws.

"General Data Protection Regulation" means the European Union Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

"Personal Data" means information about an individual that can be used to identify, contact or locate a specific individual, including data that Customer chooses to provide to Contentpup from social media platforms, applicant tracking systems (ATSs) or customer-relationships management (CRM) services; can be combined with other information that can be used to identify, contact or locate a specific individual; or is defined as "personal data" or "personal information" by applicable laws or regulations relating to the collection, use, storage or disclosure of information about an identifiable individual.

"Personal Data Breach" means any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data.

"Privacy Laws" means all applicable laws, regulations, and other legal requirements relating to privacy, data security, consumer protection, marketing, promotion, and text messaging, email, and other communications; and the use, collection, retention, storage, security, disclosure, transfer, disposal, and other processing of any Personal Data.

"Process" and its cognates mean any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Subprocessor" means any entity which provides processing services to Contentpup in furtherance of Contentpup's processing on behalf of Customer.

"Supervisory Authority" means an independent public authority which is established by a European Union member state pursuant to Article 51 of the General Data Protection Regulation.

2. Nature of Data Processing

Each party agrees to process Personal Data received under the Agreement only for the purposes set forth in the Agreement. The categories of Personal Data processed and the categories of data subjects subject to this DPA are described in Schedule A to this DPA.

3. Compliance with Laws

The parties shall each comply with their respective obligations under all applicable Data Protection Requirements.

4. Customer Obligations

Customer agrees to provide instructions to Contentpup and determine the purposes and general means of Contentpup's processing of Customer Personal Data in accordance with the Agreement. Customer shall comply with its protection, security and other obligations with respect to Customer Personal Data prescribed by Data Protection Requirements for data controllers by establishing and maintaining a procedure for the exercise of the rights of the individuals whose Customer Personal Data are processed on behalf of Customer; processing only data that has been lawfully and validly collected and ensuring that such data will be relevant and proportionate to the respective uses; and ensuring compliance with the provisions of this Agreement by its personnel or by any third-party accessing or using Customer Personal Data on its behalf.

12. Sub-Processors

Contentpup works with the following sub-processors to provide its services:

Amazon Web Services, Inc.
Cloudflare, Inc.
Google, Inc.
Instagram, Inc.
Supabase, Inc.
Vercel, Inc.

Schedule A: Categories of Data Subjects and Personal Data

Contentpup processes the following categories of personal data in the course of providing its services:

Account Data: Basic profile information, contact details, account credentials, and authentication tokens required for service operation.

Content Data: Social media posts, publications, images, videos, comments, reactions, stories, temporary content, and direct messages.

Engagement Data: User interactions including likes, reactions, comments, replies, sharing statistics, follower/following relationships, and interaction history.

Analytics Data: Performance metrics, engagement rates, audience demographics, reach and impression statistics, and growth trends.

Technical Data: Device information, IP addresses, usage patterns, access logs, and platform-specific identifiers.

The data subjects covered by this processing include social media account holders, their followers and connections, content creators, account administrators, and end users who interact with social media content.