Data Processing Agreement
Effective Date: 30 June 2026
This Data Processing Agreement (“DPA”) forms part of the Master Terms of Service or other written agreement (“Agreement”) between HoopoeLink Technologies (“Company”) and the subscriber/user (“Customer”) utilizing our AI Marketing Operating System.
1. Definitions and Interpretation
In this DPA, the following terms shall have the meanings set out below:
- “Customer Personal Data” means any Personal Data processed by Company on behalf of Customer in connection with the Agreement, including Meta Platform Data.
- “Data Protection Laws” means GDPR, CCPA, and all applicable country-specific data protection laws (including the Kenya Data Protection Act, 2019).
- “Platform Data” means data accessed or received from connected social platforms (Meta, LinkedIn, X, TikTok, Google) via APIs.
- “Subprocessor” means any third-party processor engaged by Company to process Customer Personal Data under this DPA.
2. Scope and Role of Parties
Customer acts as the Data Controller (or business under CCPA) and Company acts as the Data Processor (or service provider under CCPA) regarding Customer Personal Data.
The duration, nature, and purpose of processing are defined in the Agreement. Categories of data include account credentials, contact lists, campaigns, text and media drafts, comments, and messages from connected social networks.
3. Obligations of the Processor
Company agrees to:
- Instructions: Process Customer Personal Data only on documented Customer instructions, including instructions to connect and synchronize social media accounts.
- Confidentiality: Ensure all personnel authorized to process Customer Personal Data are bound by appropriate confidentiality obligations.
- Security: Implement technical and organizational security measures designed to protect data against unauthorized access, loss, or alteration.
- Assistance: Assist Customer in responding to requests from data subjects exercising their rights under Data Protection Laws.
4. Subprocessors
Customer grants a general authorization to Company to engage Subprocessors to provide hosting, database infrastructure, and AI content assistance. Current Subprocessors include:
| Subprocessor | Service Provided | Location |
|---|---|---|
| Supabase, Inc. | Database hosting, file storage, and authentication | United States |
| Vercel, Inc. | Frontend application hosting | United States / Global |
| OpenAI, LLC | AI language processing and caption generation | United States |
| Google Cloud / Gemini | AI studio tools and infrastructure | United States / Global |
| Cloudflare, Inc. | Content delivery network and edge security | Global |
| Resend, Inc. | Transactional email routing | United States |
Company will notify Customer of any planned changes to Subprocessors, giving Customer the opportunity to object.
5. Personal Data Breaches
Company shall notify Customer without undue delay (and in any event, within 72 hours) upon becoming aware of a personal data breach affecting Customer Personal Data. Company will provide information on the nature of the breach, the affected categories of data, and remediation steps.
6. Data Deletion and Return
Upon termination of the Customer’s account or workspace, Company will delete or return Customer Personal Data in accordance with our Data Deletion Policy within 30 days, unless required otherwise by applicable law.
7. Contact and Inquiries
For questions regarding this DPA or our data protection practices, contact our Data Protection Officer at:
Email: hoopoelink@gmail.com

