1. Scope & Applicability
This Data Processing Addendum ("DPA") supplements our Terms of Service. It applies where and to the extent that SearchAnalytics.ai processes Personal Data on behalf of its customers that is subject to the General Data Protection Regulation (GDPR) or California Consumer Privacy Act (CCPA).
2. Roles & Instructions
The Customer acts as the Data Controller, and SearchAnalytics.ai acts as the Data Processor. We process Personal Data exclusively to provide the Services in accordance with the documented instructions of the Customer, including settings configured in the platform.
3. Subprocessors
Customer authorizes SearchAnalytics.ai to engage sub-processors to conduct infrastructure and analytical work. Our core sub-processors include:
- Supabase / PostgreSQL: Database storage and user authentication (hosted in secure European/US regions).
- Cloudflare / Vercel: DNS, caching, CDN, edge routing, and hosting environments.
- Stripe: Payment gateway and subscription invoice management.
We maintain written contracts with all sub-processors ensuring they meet the same high standard of privacy protection.
4. Data Subject Rights
To the extent that Customer does not have the ability to address a Data Subject request independently, SearchAnalytics.ai will provide reasonable cooperation and assistance to help Customer fulfill its obligations under GDPR/CCPA.
5. Security & Audits
SearchAnalytics.ai implements and maintains appropriate technical and organizational measures as described in our Security Policy. We agree to provide standard verification documentation upon request to confirm compliance.