This Data Processing Agreement ("DPA") forms part of the agreement between Social Gear, Inc. ("Social Gear," "Processor," "we," "us") and the customer using the Services ("Customer," "Controller"), and governs Social Gear's processing of Personal Data on the Customer's behalf where subject to Applicable Data Protection Laws.
1. Definitions
"Applicable Data Protection Laws" means all privacy and data-protection laws applicable to the processing, including, where applicable, the EU GDPR (2016/679), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA ("CCPA"), the Digital Personal Data Protection Act, 2023 (India) ("DPDPA"), Canada's PIPEDA, the UAE PDPL, and any successor or equivalent legislation. "Controller," "Processor," "Data Subject," "Personal Data," "Processing," and "Personal Data Breach" have the meanings given under those laws. "Subprocessor" means a third party engaged by Social Gear to process Personal Data.
2. Roles of the Parties
For Personal Data processed under this DPA, the Customer is the Controller (or business) and Social Gear is the Processor (or service provider), processing Personal Data only on the Customer's documented instructions, to provide, maintain, secure, and improve the Services, and as required by law. Where Social Gear independently determines the purposes and means of processing (for example, for its own billing, security, and platform operation, and for maintaining the creator dataset), Social Gear acts as an independent Controller under its Privacy Notice, and this DPA does not apply to that processing.
3. Scope, Nature, and Purpose of Processing
Purpose: delivering the Social Gear advertising platform — programmatic advertising, the Creator Console (creator discovery and outreach), the LYKSTAGE Ad Manager (sourcing demand into LYKSTAGE inventory), email, analytics, payment processing, and support. Data-subject categories may include Customer personnel, creators, advertiser and agency representatives, end users, business contacts, and marketing subscribers. Personal-Data categories may include names, usernames, contact details, billing information, account credentials, communications, campaign and audience data, social/creator profile data, device identifiers, IP addresses, and usage data. Unless expressly agreed in writing, the Customer shall not submit special-category or sensitive Personal Data.
4. Security
Social Gear maintains commercially reasonable administrative, technical, and organisational safeguards appropriate to the risk, which may include encryption in transit and at rest, access controls, multi-factor authentication, monitoring and logging, vulnerability testing, secure development, backup and disaster recovery, personnel confidentiality obligations, and security training. Measures are reviewed and updated to address evolving risks.
5. Subprocessors
The Customer authorises Social Gear to engage Subprocessors to provide the Services. Social Gear conducts due diligence, imposes written data-protection terms consistent with this DPA, remains responsible for its Subprocessors' performance, and maintains a current Subprocessor List (Annex A). Social Gear will make the list available and, where required, give the Customer a mechanism to receive notice of, and reasonably object to, new Subprocessors before they process Personal Data.
6. International Transfers
Where Personal Data is transferred across borders, Social Gear implements appropriate safeguards under Applicable Data Protection Laws, including EU Standard Contractual Clauses, the UK International Data Transfer Addendum, adequacy mechanisms, or other lawful transfer mechanisms, together with supplementary measures where required.
7. Assistance, Data-Subject Requests, and Breach Notification
Taking into account the nature of processing, Social Gear provides reasonable assistance with Data-Subject requests, data-protection impact assessments, and regulator consultations. Social Gear notifies the Customer without undue delay after becoming aware of a confirmed Personal Data Breach affecting Customer Personal Data, with available details (nature, categories affected, likely consequences, and remediation), and takes reasonable steps to investigate, contain, and remediate.
8. Audits, Return and Deletion, Confidentiality, Liability, Law
Audits: on reasonable notice and subject to confidentiality, Social Gear provides information (including certifications/reports) reasonably necessary to demonstrate compliance. Return/deletion: on termination, the Customer may retrieve Personal Data within a reasonable period, after which Social Gear deletes or anonymises it unless retention is legally required. Confidentiality: personnel are bound by confidentiality and process data only as authorised. Liability: governed by the limits in the main Agreement, except where Applicable Data Protection Laws prohibit such limits. Governing law/disputes: as specified in the main Agreement.
Annex A — Subprocessor List
| Subprocessor | Function | Data / notes |
|---|---|---|
| LYK Inc. (LYKSTAGE) | LYKSTAGE ad inventory + connecting API | Campaign and delivery data for LYKSTAGE Ad Manager (5 markets: US, UK, CA, UAE, IN). LYK Inc. governs the LYKSTAGE platform under its own terms. |
| Amazon (advertising) | Programmatic media buying / owned inventory | Campaign, device, pseudonymous ad-ID data. [confirm Amazon Ads DPA terms] |
| PubMatic | SSP / supply-side | Supply-chain and bid-stream data. |
| Google DV360 (planned) | Demand-side platform | [confirm Google Ads Data Processing Terms + EU User Consent Policy before go-live] |
| OpenAI (planned) | AI processing for platform features | [if personal data is sent: confirm OpenAI DPA + retention/API terms; disclose to users] |
| YouTube API Services (Google) | Creator enrichment / discovery | Public channel data via API under YouTube API Services Terms + Google Privacy Policy. |
| [Cloud hosting] | Infrastructure / storage | [e.g. AWS / GCP — region] |
| Stripe | Payments (non-India) | Billing / payouts. |
| Razorpay | Payments (India / INR) | Billing / payouts in India. |
| [Analytics provider] | Usage analytics | [complete] |
| [Email/comms provider] | Transactional + marketing email | [complete] |
| [Identity verification] | Creator/publisher/advertiser verification | [to confirm] — consent-based verification/KYC use only. |
Contact
Social Gear, Inc.
Privacy Team: privacy@mysocialgear.com · Support: support@mysocialgear.com · Legal: legal@mysocialgear.com