DATA PROCESSING AGREEMENT (DPA)

Last Updated: April 5, 2026

1. INTRODUCTION AND PARTIES

This Data Processing Agreement (“DPA”) forms part of and is incorporated into the Terms of Service and/or any other agreement (“Main Agreement”) between Qlipps (“Company,” “Controller,” or “we”) and the user or entity acting as a content creator, business user, or partner (“Processor,” “you,” or “your”), to the extent that personal data is processed on behalf of the Company.

This DPA governs the processing of personal data in connection with the use of the Qlipps platform (the “Platform”) and establishes the rights and obligations of the parties in compliance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR, and other applicable privacy laws.

2. DEFINITIONS

For the purposes of this DPA:

  • “Personal Data” means any information relating to an identified or identifiable natural person.
  • “Processing” means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
  • “Controller” means the entity that determines the purposes and means of processing Personal Data.
  • “Processor” means the entity that processes Personal Data on behalf of the Controller.
  • “Sub-processor” means any third party engaged by the Processor to process Personal Data.
  • “Data Subject” means the individual to whom Personal Data relates.
  • “Applicable Data Protection Laws” means all laws applicable to the processing of Personal Data under this Agreement.

3. SCOPE AND NATURE OF PROCESSING

3.1 Subject Matter

This DPA applies to all processing of Personal Data carried out in connection with the Platform, including user account management, content distribution, monetization, payment processing, and customer support.

3.2 Nature and Purpose

Personal Data is processed for the purpose of:

  • Providing and operating the Platform
  • Enabling content creation, sharing, and monetization
  • Processing payments and payouts
  • Ensuring security, fraud prevention, and compliance
  • Providing customer support and communication

3.3 Categories of Data Subjects

The categories of Data Subjects include:

  • Platform users (viewers and subscribers)
  • Content creators
  • Business partners and service providers

3.4 Categories of Personal Data

The types of Personal Data processed may include:

  • Identification data (e.g., name, username)
  • Contact data (e.g., email, phone number)
  • Financial data (e.g., payment details, billing information)
  • Technical data (e.g., IP address, device information)
  • Usage data (e.g., content interactions, preferences)
  • Verification data (e.g., government IDs for KYC compliance)

4. ROLES AND RESPONSIBILITIES

4.1 Controller Obligations

Qlipps, as the Controller, determines the purposes and means of processing Personal Data and shall ensure that such processing complies with applicable data protection laws.

4.2 Processor Obligations

Where a user or partner acts as a Processor, they shall:

  • Process Personal Data only on documented instructions from Qlipps
  • Ensure confidentiality of all processed data
  • Implement appropriate technical and organizational measures to protect Personal Data
  • Not use Personal Data for any purpose other than those specified in this DPA

5. DATA PROCESSING PRINCIPLES

All processing under this DPA shall adhere to the following principles:

  • Lawfulness, fairness, and transparency – Data must be processed in a lawful and transparent manner.
  • Purpose limitation – Data shall be collected for specified purposes and not further processed in a manner incompatible with those purposes.
  • Data minimization – Only data necessary for the intended purpose shall be processed.
  • Accuracy – Data must be kept accurate and up to date.
  • Storage limitation – Data shall not be retained longer than necessary.
  • Integrity and confidentiality – Appropriate security measures must be implemented.

6. SECURITY MEASURES

Qlipps implements appropriate technical and organizational measures to protect Personal Data, including:

  • Encryption of data in transit and at rest where appropriate
  • Access controls and authentication mechanisms
  • Monitoring and logging of system activity
  • Regular security assessments and audits

Processors must implement equivalent or higher standards of security.

7. SUB-PROCESSING

Qlipps may engage third-party service providers (“Sub-processors”) to process Personal Data, including payment processors such as Stripe and PayPal.

Qlipps ensures that:

  • Sub-processors are subject to appropriate contractual obligations
  • Data protection standards equivalent to this DPA are maintained

Where applicable, users acknowledge and consent to such sub-processing.

8. INTERNATIONAL DATA TRANSFERS

Personal Data may be transferred to and processed in countries outside the user’s jurisdiction, including the United States.

Qlipps ensures that such transfers are conducted in compliance with applicable data protection laws, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable
  • Additional safeguards as required

9. DATA SUBJECT RIGHTS

Qlipps shall ensure that Data Subjects can exercise their rights under applicable laws, including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object

Processors shall assist Qlipps in fulfilling these rights where applicable.

10. DATA BREACH NOTIFICATION

In the event of a personal data breach:

  • Processors must notify Qlipps without undue delay
  • Qlipps will assess and notify relevant authorities and affected individuals where required

Notifications must include sufficient details to assess the impact and take remedial action.

11. DATA RETENTION AND DELETION

Personal Data shall be retained only for as long as necessary to fulfill the purposes outlined in this DPA or as required by law.

Upon termination of the Main Agreement:

  • Personal Data shall be securely deleted or returned
  • Retention may continue where legally required

12. AUDIT AND COMPLIANCE

Qlipps reserves the right to audit compliance with this DPA.

Processors shall:

  • Provide necessary information to demonstrate compliance
  • Allow audits or inspections where reasonably required

13. LIABILITY AND INDEMNIFICATION

Each party shall be liable for damages caused by its breach of this DPA.

Processors agree to indemnify Qlipps against claims arising from:

  • Unauthorized processing
  • Failure to comply with data protection obligations

14. GOVERNING LAW

This DPA shall be governed by the laws of the State of Illinois, United States, unless otherwise required by applicable data protection laws.

15. CONTACT INFORMATION

Email: support@qlipps.com

16. FINAL PROVISIONS

This DPA forms an integral part of the Main Agreement. In case of conflict, the provisions of this DPA shall prevail with respect to data protection matters.