New: Hoopoe Studio brings every channel into one calm workflow.See what’s new

Data Processing Agreement

Effective Date: 30 June 2026

This Data Processing Agreement (“DPA”) forms part of the Master Terms of Service or other written agreement (“Agreement”) between HoopoeLink Technologies (“Company”) and the subscriber/user (“Customer”) utilizing our AI Marketing Operating System.

1. Definitions and Interpretation

In this DPA, the following terms shall have the meanings set out below:

  • “Customer Personal Data” means any Personal Data processed by Company on behalf of Customer in connection with the Agreement, including Meta Platform Data.
  • “Data Protection Laws” means GDPR, CCPA, and all applicable country-specific data protection laws (including the Kenya Data Protection Act, 2019).
  • “Platform Data” means data accessed or received from connected social platforms (Meta, LinkedIn, X, TikTok, Google) via APIs.
  • “Subprocessor” means any third-party processor engaged by Company to process Customer Personal Data under this DPA.

2. Scope and Role of Parties

Customer acts as the Data Controller (or business under CCPA) and Company acts as the Data Processor (or service provider under CCPA) regarding Customer Personal Data.

The duration, nature, and purpose of processing are defined in the Agreement. Categories of data include account credentials, contact lists, campaigns, text and media drafts, comments, and messages from connected social networks.

3. Obligations of the Processor

Company agrees to:

  • Instructions: Process Customer Personal Data only on documented Customer instructions, including instructions to connect and synchronize social media accounts.
  • Confidentiality: Ensure all personnel authorized to process Customer Personal Data are bound by appropriate confidentiality obligations.
  • Security: Implement technical and organizational security measures designed to protect data against unauthorized access, loss, or alteration.
  • Assistance: Assist Customer in responding to requests from data subjects exercising their rights under Data Protection Laws.

4. Subprocessors

Customer grants a general authorization to Company to engage Subprocessors to provide hosting, database infrastructure, and AI content assistance. Current Subprocessors include:

SubprocessorService ProvidedLocation
Supabase, Inc.Database hosting, file storage, and authenticationUnited States
Vercel, Inc.Frontend application hostingUnited States / Global
OpenAI, LLCAI language processing and caption generationUnited States
Google Cloud / GeminiAI studio tools and infrastructureUnited States / Global
Cloudflare, Inc.Content delivery network and edge securityGlobal
Resend, Inc.Transactional email routingUnited States

Company will notify Customer of any planned changes to Subprocessors, giving Customer the opportunity to object.

5. Personal Data Breaches

Company shall notify Customer without undue delay (and in any event, within 72 hours) upon becoming aware of a personal data breach affecting Customer Personal Data. Company will provide information on the nature of the breach, the affected categories of data, and remediation steps.

6. Data Deletion and Return

Upon termination of the Customer’s account or workspace, Company will delete or return Customer Personal Data in accordance with our Data Deletion Policy within 30 days, unless required otherwise by applicable law.

7. Contact and Inquiries

For questions regarding this DPA or our data protection practices, contact our Data Protection Officer at:
Email: hoopoelink@gmail.com