Data Processing Agreement

"Data Protection Laws" means applicable data protection and privacy laws including GDPR, CCPA, and similar regulations.

"Personal Data" means any information relating to an identified or identifiable natural person.

"Processing" means any operation performed on personal data, including collection, storage, use, and deletion.

"Controller" means you, the customer, who determines the purposes and means of processing personal data.

"Processor" means Geolify, who processes personal data on your behalf.

2.1 Nature and Purpose

We process personal data to provide GEO analysis services, including website audits, performance analytics, and optimization recommendations.

2.2 Categories of Data

• Account information (name, email, company)
• Website URLs and content submitted for analysis
• Usage analytics and platform interaction data
• Payment information (processed by PayPal)

2.3 Data Subjects

End users of your websites whose data may be analyzed through our services.

2.4 Retention Period

Data is retained for the duration of your subscription plus 30 days, unless longer retention is required by law or you request earlier deletion.

We commit to:

• Process personal data only as instructed by you
• Implement appropriate technical and organizational security measures
• Ensure processing staff are bound by confidentiality
• Assist with data subject rights requests
• Notify you of any personal data breaches within 72 hours
• Delete or return data upon termination of services

We implement industry-standard security measures including:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and employee background checks
• Secure cloud infrastructure with reputable providers
• Regular security training for all personnel
• Incident response procedures and monitoring

We will assist you in responding to data subject requests including:

• Access: Providing copies of personal data
• Rectification: Correcting inaccurate data
• Erasure: Deleting data when requested
• Portability: Exporting data in machine-readable format
• Objection: Stopping processing for specific purposes
• Restriction: Limiting processing activities

Response time: Within 30 days of receiving a valid request with proper verification.

We may engage sub-processors to assist in providing services. Current sub-processors include:

• PayPal: Payment processing (US)
• Cloud hosting providers: Infrastructure and storage
• Email service providers: Communications
• Analytics providers: Service improvement

We will notify you 30 days in advance of any changes to sub-processors and ensure they meet the same data protection standards.

Personal data may be transferred to countries outside your jurisdiction. We ensure adequate protection through:

• EU Standard Contractual Clauses for GDPR compliance
• Adequacy decisions where available
• Additional safeguards for high-risk transfers
• Regular assessment of transfer mechanisms

In the event of a personal data breach, we will:

• Notify you within 72 hours of becoming aware
• Provide details of the breach and affected data
• Describe measures taken to address the breach
• Cooperate in breach notifications to authorities
• Implement additional security measures if needed