Acodei Data Processing Amendment (DPA) between Acodei Software, LLC (“Acodei”) and the User (“User”)
1. Definitions and Interpretation
- 1.1. Data Protection Laws: Any applicable data protection or privacy laws, regulations, or guidance applicable to the processing of User Personal Data under this Addendum, including but not limited to the EU General Data Protection Regulation (“GDPR”).
- 1.2. User Personal Data: Any personal data provided by the User to Acodei for the provision of services, including identification and contact data, and financial information as detailed in Annex A.
2. Data Processing
- 2.1. Purpose of Processing: Acodei will process User Personal Data solely for the purpose of providing the services, including data synchronization between payment processors and accounting software, and as necessary to comply with the User’s instructions and applicable Data Protection Laws.
- 2.2. Third-Party Transfers: Acodei may transfer User Personal Data to third-party service providers as necessary for providing the services, under terms ensuring the privacy and security of the data as detailed in Annex B.
3. Data Security
- 3.1. Security Measures: Acodei will implement appropriate technical and organizational measures to protect User Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
4. Subprocessing
- 4.1. Approval of Subprocessors: The User agrees to the engagement of third-party subprocessors by Acodei for the provision of the services.
- 4.2. Subprocessor Obligations: Acodei will ensure that any subprocessors are subject to contractual obligations regarding data protection and security that are no less onerous than those set out in this Addendum.
5. User Rights
- 5.1. Data Subject Rights: Users have rights to access, rectify, erase User Personal Data, and restrict or object to the processing of their Personal Data in accordance with applicable Data Protection Laws.
6. Breach Notification
- 6.1. Notification Obligations: Acodei will notify the User without undue delay upon becoming aware of any unauthorized or unlawful data processing or breach of User Personal Data.
7. Data Deletion
- 7.1. Deletion upon Termination: Upon termination of the Agreement, Acodei will securely delete or return all User Personal Data within 30 days, unless retention is mandated by applicable laws.
8. Governing Law
- 8.1. Jurisdiction: This Addendum shall be governed by and construed in accordance with the laws of The United States of America, without giving effect to any choice or conflict of law provision or rule.
9. Changes to this Addendum
- 9.1. Amendments: Acodei may update or modify this Addendum from time to time to reflect changes in applicable Data Protection Laws or in the services provided. The User will be notified of any material changes.
10. Annexes
- Annex A: Details of Data Processing
- Categories of Data Subjects
- Users: Individuals who have registered to use Acodei services, including business clients.
- Client Customers: End customers of Acodei’s business clients who have transacted through Stripe and whose data is processed for synchronization with QuickBooks.
- Categories of Personal Data
- Users:
- Identification and contact data: Name, email address, business contact details.
- Financial information: Credit card details, transaction history.
- Client Customers:
- Identification and contact data: Name, address, email address, other contact details.
- Financial information: Payment details, transaction amounts, account details.
- Sensitive Data Processed
- Acodei does not intentionally collect or process sensitive personal data as defined by GDPR and other privacy regulations.
- Frequency of Processing
- Continuous, as determined by the user interactions and automated synchronization tasks scheduled within Acodei’s services.
- Purpose of the Processing
- To provide data synchronization services between Stripe and QuickBooks.
- To enhance user experience based on user activity and preferences.
- To comply with legal requirements and user instructions.
- Duration of Processing and Period for which Personal Data Will Be Retained
- Personal data will be processed as long as necessary to provide the services to the user or as required by law.
- User Personal Data is deleted within 30 days of termination of the user’s account or earlier if requested by the user, unless extended retention is required by law.
- Annex B: Acodei Subprocessors
- The following third-party subprocessors are engaged by Acodei to assist in providing its services. This list may be updated from time to time:
- Amazon Web Services (AWS)
- Purpose: Cloud hosting provider for data storage and processing infrastructure.
- Location: Global data centers, with specific regions based on client location to comply with data sovereignty requirements.
- Microsoft Clarity
- Purpose: Analytics tool to enhance user interface and experience.
- Location: Primarily United States.
- Mailgun
- Purpose: Email communication service for transactional emails.
- Location: United States.
- Help Scout
- Purpose: Customer support services to manage and respond to user inquiries.
- Location: United States.
- Slack
- Purpose: Internal and external communication for business operations.
- Location: United States.
- Stripe
- Purpose: Payment processing services.
- Location: Global operations with data processing in multiple jurisdictions.
- Intuit (QuickBooks)
- Purpose: Accounting software provider for syncing financial data.
- Location: United States.
Contact Information
- For any questions or concerns about this Addendum, please contact us at [email protected].