Data Processing Addendum

This Data Processing Addendum ("DPA") forms part of the Terms of Servicebetween Spring Digital Commerce LLC ("GetRanked.io", "we", "us", the "Processor") and the customer ("you", the "Controller"). It governs the processing of personal data that we carry out on your behalf when you use the GetRanked.io platform, and applies where such processing is subject to data protection laws including the EU/UK General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act, as amended ("CCPA/CPRA").

1. Roles of the Parties

With respect to personal data you submit to or process through the platform, you act as the Controller (or business) and we act as the Processor (or service provider). We process such personal data only on your documented instructions, which include the instructions set out in the Terms of Service, this DPA, and your configuration and use of the platform.

2. Scope of Processing

• Subject matter: Provision of the GetRanked.io automated SEO content platform.
• Duration: For the term of your subscription and until deletion as described below.
• Nature and purpose: Generating, optimizing, scheduling, and publishing content, and managing connected platform integrations on your behalf.
• Types of data: Account and contact details, authentication credentials for connected platforms, brand configuration, and usage data.
• Categories of data subjects: Your authorized users and personnel.

3. Our Obligations

• Process personal data only on your documented instructions, unless required by law.
• Ensure personnel authorized to process personal data are bound by confidentiality.
• Implement appropriate technical and organizational security measures (see Section 6).
• Assist you, taking into account the nature of processing, in responding to data subject requests.
• Assist you with security, breach notification, and data protection impact assessments as required by law.
• Not sell or share personal data, and not retain, use, or disclose it for any purpose other than performing the services.

4. Sub-processors

You authorize us to engage sub-processors (such as hosting, payment processing, and analytics providers, and AI model providers) to support the service. We impose data protection obligations on each sub-processor that are no less protective than those in this DPA, and we remain responsible for their performance. We will inform you of material changes to our sub-processors on request.

5. International Transfers

Where personal data is transferred outside its country of origin, we rely on appropriate safeguards required by applicable law, such as the European Commission's Standard Contractual Clauses or an equivalent transfer mechanism.

6. Security

We maintain appropriate technical and organizational measures designed to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. Connected platform credentials are encrypted at rest and in transit and are never stored in plain text. In the event of a personal data breach affecting your data, we will notify you without undue delay after becoming aware of it.

7. Data Subject Requests

Taking into account the nature of the processing, we will assist you by appropriate technical and organizational measures, insofar as possible, to fulfill your obligation to respond to requests from data subjects exercising their rights under applicable law.

8. Return and Deletion

Upon termination of the services, and at your choice, we will delete or return the personal data we process on your behalf and delete existing copies, unless retention is required by law. Consistent with our Privacy Policy, personal data is deleted within 30 days of account deletion, except where retention is legally required.

9. Audits

We will make available to you information reasonably necessary to demonstrate compliance with this DPA and will allow for and contribute to audits, as required by applicable law, subject to reasonable confidentiality and security conditions.

10. Contact

For questions about this DPA or to request a signed copy, contact us at: