This draft has not been adopted and is not yet in effect. An effective date will be set when it is adopted.

1. Scope and roles

This addendum applies when a customer uses a Business Adjacent LLC product and, in doing so, has us process personal data on the customer's behalf (for example, personal data contained in a ReviewTube workspace). For that data, the customer is the controller and Business Adjacent LLC is the processor. It supplements the Terms of Service.

2. Processing instructions

We process customer personal data only to provide the contracted product and per the customer's documented instructions, unless law requires otherwise. Personnel with access are bound to confidentiality.

3. Subprocessors

We use the subprocessors listed in the Privacy Policy (currently Cloudflare, Supabase, Stripe, and Resend). We will update that list before adding a subprocessor, and the customer may object on reasonable data-protection grounds.

4. Security

We apply technical and organizational measures appropriate to the risk, as described in the Privacy Policy: encryption in transit, restricted production access, and secrets managed outside source code.

5. Assistance

Taking into account the nature of the processing, we will reasonably assist the customer in responding to data-subject requests and in meeting its security and assessment obligations.

6. Breach notice

We will notify the customer without undue delay after becoming aware of a personal data breach affecting customer personal data, with the information we have available.

7. Deletion and return

On termination of the product relationship, we will delete or return customer personal data at the customer's choice, unless law requires us to retain it.

8. Contact

legal@businessadjacent.com