Data Processing Addendum
Effective Date: April 11, 2026
This Data Processing Addendum ("DPA") forms part of the Terms of Service between the Customer ("Controller") and DeGenito Innovations, LLC, 30 N Gould St., Ste R, Sheridan, WY 82801 ("Processor"). This DPA applies where DeGenito Innovations, LLC processes personal data on behalf of the Customer in connection with the delivery of website and AI growth engine services. By using our Services, the Customer accepts this DPA.
1. Scope of Processing
The Processor shall process personal data only for the purpose of delivering the services described in the Terms of Service, which include building and operating the Customer's website, generating SEO content, managing Google Business Profile integrations, and providing analytics and performance reporting. Processing is limited to what is necessary to fulfill these purposes and shall not exceed the instructions provided by the Controller.
2. Duration
This DPA is effective for the duration of the Customer's active subscription. Following termination or cancellation, the Processor will retain certain data according to the retention schedule in the Privacy Policy and will delete or return all personal data upon written request, subject to the obligations in Section 8.
3. Sub-Processors
The Processor engages the following sub-processors in the delivery of services. The Controller authorizes engagement of these sub-processors by accepting this DPA. Full details of each sub-processor's data practices are referenced in our Privacy Policy.
- Anthropic (Claude API): AI content generation. Anthropic does not train models on customer data.
- Cloudflare (Pages, Workers, KV): Hosting, CDN, and edge storage.
- Stripe: Payment processing.
- Resend: Transactional email delivery.
- Google (PageSpeed API, Search Console API, Indexing API, Ads API): Performance analysis and search optimization.
- IndexNow: Search engine URL submission.
- image.thum.io: Website screenshot generation.
- api.qrserver.com: QR code generation.
- rdap.org: Domain WHOIS lookup.
The Processor will notify the Controller of any intended changes to sub-processors. The Controller may object to a new sub-processor within 14 days of notification.
4. Technical and Organizational Security Measures
The Processor implements appropriate technical and organizational measures (TOMs) to protect personal data against unauthorized access, disclosure, alteration, or destruction, including:
- Encryption of all data in transit using TLS/HTTPS
- Cloudflare edge security, DDoS protection, and WAF
- Access controls and role-based permissions limiting data access to authorized personnel
- No storage of payment card data (delegated entirely to Stripe)
- Automatic data purge schedules enforced at the platform level
5. Data Subject Rights
The Processor shall provide reasonable assistance to the Controller to fulfill the Controller's obligations to respond to data subject requests under applicable data protection law, including requests for access, rectification, erasure, restriction, portability, and objection. Upon receiving a data subject request that relates to personal data processed on behalf of the Controller, the Processor will promptly notify the Controller and cooperate as needed.
6. Data Breach Notification
In the event of a personal data breach affecting data processed under this DPA, the Processor will notify the Controller without undue delay and in any event within 72 hours of becoming aware of the breach. Notification will include:
- A description of the nature of the breach, including categories and approximate number of records affected
- The likely consequences of the breach
- Measures taken or proposed to address the breach and mitigate its effects
7. International Data Transfers
Personal data processed under this DPA is primarily stored and processed in the United States. Where the Controller is located in the European Economic Area, United Kingdom, or another jurisdiction with data transfer restrictions, the Processor relies on Standard Contractual Clauses (SCCs) approved by the European Commission as the lawful mechanism for international transfers. Customers requiring executed SCCs may request them by contacting legal@degenito.ai.
8. Termination and Data Return
Upon termination or expiration of the Customer's subscription:
- Client-specific schemas, SEO articles, and keyword data are purged immediately upon cancellation.
- Website files and domain are transferred to the Customer upon request.
- Remaining personal data is retained according to the retention schedules in the Privacy Policy and deleted upon expiry of those periods.
- Upon written request, the Processor will confirm deletion or return of all personal data within 30 days.
9. Governing Law
This DPA is governed by the laws of the State of Wyoming. Any disputes arising from this DPA shall be resolved in accordance with the dispute resolution provisions in the Terms of Service.
Acceptance
By using the Services, the Customer acknowledges that they have read, understood, and agree to this DPA. This DPA is incorporated by reference into the Terms of Service.
Contact
For DPA inquiries, executed SCC requests, or data protection questions:
- Email: legal@degenito.ai
- Mail: DeGenito Innovations, LLC, 30 N Gould St., Ste R, Sheridan, WY 82801
- Phone: (561) 600-0399