N

nordenagent

Sign inStart free
Template. This is a starter draft. Before public launch, a lawyer in your jurisdiction must review and sign off on every legal document on this site. Do not rely on this for actual legal compliance until that review is complete.

Data Processing Addendum

Last updated: 2026-04-12

This Data Processing Addendum (“DPA”) forms part of the Terms of Service between nordenagent (“Processor”) and you (“Controller”) and applies whenever we process personal data on your behalf — for example, when we use your connected Meta Ads, Google Ads or n8n credentials to run workflows.

1. Subject matter and duration

The subject matter of the processing is the provision of the nordenagent Service. Processing continues for the duration of your subscription and the 30-day deletion window thereafter.

2. Nature and purpose

We process personal data to operate marketing campaigns, generate content, push ads to third-party platforms, run analytics on campaign results, and deliver the chatbot and self-marketing features you enable.

3. Types of data

  • Ad creative text and images you or the agents generate
  • Audience definitions and targeting rules
  • Campaign performance metrics pulled from connected platforms
  • Leads discovered by the self-marketing feature
  • Knowledge-base chunks you upload for the chatbot

4. Categories of data subjects

Your end customers, prospects, and employees whose data flows through the connected third-party platforms.

5. Processor obligations

  • Process personal data only on documented instructions from you.
  • Ensure all personnel are bound by confidentiality.
  • Implement appropriate technical + organizational security measures (encryption in transit + at rest, RLS, least privilege, audit logging, penetration testing before launch).
  • Assist you with data subject requests and notify you without undue delay of any personal data breach.
  • Delete or return all personal data at the end of the engagement.

6. Sub-processors

You authorize us to engage the following sub-processors:

  • Supabase (database, auth, storage) — EU
  • Stripe (billing, tax) — IE
  • Resend (transactional email) — US, with Standard Contractual Clauses
  • Vercel (hosting) — US, with Standard Contractual Clauses (if applicable)

We will notify you by email at least 14 days before adding a new sub-processor.

7. International transfers

Where personal data is transferred outside the EEA, we rely on the EU Standard Contractual Clauses.

8. Audit

On reasonable notice, we will provide information necessary to demonstrate compliance with this DPA.

9. Liability

Our liability under this DPA is subject to the limitations in the main Terms of Service.

10. Contact

Data protection queries: privacy@nordenagent.com