Data Processing Agreement (DPA)

Last Updated: 04/13/2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Sprusify ("Processor", "we") and the merchant ("Controller", "you") using Sprusify (the "Service").

1. Scope

This DPA applies where we process personal data on your behalf in connection with the Service.

2. Roles

• You are the Data Controller
• We are the Data Processor

3. Nature of Processing

We process personal data to provide affiliate tracking, attribution, reporting, fraud detection, and payout facilitation.

4. Types of Data

• Customer identifiers (e.g., anonymized IDs)
• Order and transaction data
• Affiliate account data (name, email)
• Technical data (IP, device info)

5. Processor Obligations

• Process data only on documented instructions
• Ensure confidentiality of personnel
• Implement appropriate technical and organizational measures
• Assist with data subject rights requests
• Notify of data breaches without undue delay

6. Subprocessors

We may engage subprocessors (e.g., cloud hosting, analytics, Stripe). We ensure they are bound by similar data protection obligations.

7. International Transfers

Data may be transferred outside the EEA. We rely on safeguards such as Standard Contractual Clauses (SCCs).

8. Data Retention & Deletion

Upon termination, we will delete or return personal data unless retention is required by law.

9. Audits

Upon reasonable request, we will provide information necessary to demonstrate compliance.

10. Contact

Email: support@sprusify.com