Data Processing Addendum (DPA)
This Data Processing Addendum (“DPA”) forms part of the Terms between the Customer (“Controller”) and Thump Digital Media, Inc., operating BizSage (“Processor”).
1. Parties
Thump Digital Media, Inc.
Delaware C-Corporation
EIN: 30-1209719
Incorporated: 2 October 2019
Representative: Chris Irwin
Registered Agent: Legalinc Corporate Services Inc.
2. Subject Matter
Processing of personal data to provide BizSage services.
3. Duration
For the duration of the Customer's subscription to BizSage.
4. Types of Data
Personal data processed may include, without limitation: names, emails, business documents, URLs, files, structured data, and chat content.
5. Obligations of Processor
As Processor, BizSage (Thump Digital Media, Inc.) shall:
- Process data only on documented instructions from the Customer.
- Maintain appropriate technical and organizational security measures.
- Notify the Customer of personal data breaches without undue delay.
- Assist the Customer with data subject requests, where feasible.
- Ensure confidentiality of personnel with access to personal data.
- Delete or return personal data at the end of the contract, as requested.
- Maintain and provide a list of subprocessors upon request.
6. Subprocessors
The Customer authorizes the use of the following subprocessors for the provision of BizSage:
- Convex, Inc. — Data, storage, auth, RAG, agents
- Vercel, Inc. — Hosting, edge network, logging
- Groq, Inc. — LLM inference
- Railway, Inc. — Website crawling + document conversion
- Polar — Billing and payments
7. International Transfers
International transfers of personal data are subject to Standard Contractual Clauses (SCCs) and equivalent protections, where required by applicable law.
8. Security
We implement security measures including, but not limited to:
- Encryption in transit
- Access controls
- Audit logging
- Vendor SOC2 assurances and equivalent security programs
9. Liability
Liability between the parties is governed by the Terms of Service.
