Data Processing Agreement

For business and enterprise customers

GDPR Article 28 compliant · Last updated: May 2026

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between ShiftStackApp (“Processor”) and you (“Controller”) and is incorporated by reference into those Terms.

1. Subject Matter and Duration

ShiftStackApp processes personal data on your behalf for the purpose of providing the ShiftStackApp service. Processing continues for the duration of your subscription and ceases upon account termination, subject to applicable retention obligations.

2. Nature and Purpose of Processing

We process personal data for the following purposes:

  • Account creation and management
  • Providing AI website generation services
  • Project storage and management
  • Analytics and usage monitoring
  • Customer support
  • Billing and payment processing

3. Type of Personal Data

  • Email addresses and names
  • IP addresses and device identifiers
  • Usage data and analytics
  • Content uploaded or generated by users
  • Payment information (tokenised by Stripe)

4. Obligations of the Processor

As your data processor, ShiftStackApp will:

  • Process personal data only on your documented instructions
  • Ensure persons authorised to process data are bound by confidentiality
  • Implement appropriate technical and organisational security measures
  • Assist you in fulfilling data subject rights requests
  • Delete or return all personal data upon termination
  • Provide all information necessary to demonstrate compliance
  • Notify you without undue delay of any personal data breach

5. Sub-Processors

We use the following authorised sub-processors. You consent to these by using our service. We will notify you before engaging new sub-processors.

Sub-Processor    Purpose                         Location
Anthropic        AI content generation           USA
Supabase         Database and authentication     USA/EU
Stripe           Payment processing              USA
Resend           Transactional email             USA
DigitalOcean     Cloud infrastructure hosting    USA/EU
Cloudflare       CDN, DNS, DDoS protection       USA/EU
GitHub           Source code storage             USA

6. International Data Transfers

Some sub-processors are located in the United States. Data transfers from the EU/EEA to the US are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission.

7. DPA Requests

Enterprise and business customers may request a signed copy of this DPA by emailing [email protected].