Effective Date: 06.06.2025
This Data Processing Agreement (“DPA”) governs the processing of Personal Data by PricingCraft LLC (the “Processor”) on behalf of its Customers (the “Controller”) solely where PricingCraft acts as a Data Processor under the Terms of Service. This DPA applies specifically to Personal Data that the Controller provides to the Processor or includes in its Licensee Content for processing within the Service. It does not apply to Personal Data for which PricingCraft acts as an independent Data Controller (e.g., account and billing information), as detailed in our Privacy Policy. The Controller remains the sole owner of the Personal Data covered by this DPA and determines the purposes and means of its processing.
1. Subject Matter and Duration
This DPA applies throughout the term of the agreement between the parties and regulates the processing of Personal Data by the Processor as instructed by the Controller.
2. Nature and Purpose of Processing
The Processor shall only process Personal Data covered by this DPA as necessary to provide the Services as outlined in the Terms of Service, specifically for the purpose of enabling the Licensee’s use of the PricingCraft Service for its intended functionality (e.g., processing Licensee Content that may contain Personal Data). The Processor shall not process Personal Data in any manner that is incompatible with the purposes defined by the Controller.
3. Categories of Personal Data and Data Subjects
This DPA covers the following categories of Personal Data provided by the Controller for processing within the Service:
- Personal Data contained within Licensee Content: Any personal data that the Controller or its Authorized Users upload, input, or transmit into the Service as part of product lists, competitor URLs, user-generated notes, or other data, for which the Controller is the Data Controller.
- Limited Personal Data for Service Configuration: Any personal data provided by the Controller specifically for configuring or enabling certain Service features that involve processing by PricingCraft on the Controller’s behalf, beyond what PricingCraft processes as a Controller (e.g., specific user identifiers for integration purposes if they contain PII).
Data Subjects: The Data Subjects whose Personal Data is processed under this DPA are individuals identifiable from the Licensee Content or other data provided by the Controller, primarily authorized users and representatives of the Controller whose data is explicitly included by the Controller for processing by the Service. For clarity, this DPA does not apply to Personal Data collected by PricingCraft where PricingCraft acts as an independent data controller (e.g., your account login details, billing information), which is governed by our Privacy Policy.
For the avoidance of doubt, this DPA does not apply to cookies or similar tracking technologies used by PricingCraft for analytics, security, or platform improvement purposes. Such processing falls outside the scope of this Agreement, as it is performed under PricingCraft’s role as an independent Data Controller and is governed by our Cookie Policy.
4. Controller Responsibilities
The Controller must ensure the legality of the data processing and provide all necessary notices and consents as required by applicable law.
5. Processor Obligations
The Processor agrees to:
• Act only on documented instructions from the Controller
• Maintain confidentiality of data and require staff to do the same
• Implement appropriate technical and organizational measures
• Assist the Controller with data subject rights
• Notify the Controller within 72 hours of any Personal Data breach
• Delete or return data upon termination of the agreement
All personnel with access to Personal Data are subject to confidentiality obligations and trained in data protection practices.
6. Sub-processors
Approved sub-processors include:
• Amazon Web Services (AWS)
• Google Cloud Platform
The Processor shall ensure that all sub-processors are bound by written agreements ensuring the same level of data protection obligations as set forth in this DPA.
7. International Transfers
Data may be transferred outside of the jurisdiction. Safeguards such as Standard Contractual Clauses (SCCs), data transfer agreements, or other lawful mechanisms will be used to ensure compliance.
8. Security Measures
Security measures include:
• Encryption of data at rest and in transit
• Access controls
• Regular system audits and monitoring
9. Audit Rights
The Processor shall provide upon request documentation or certifications necessary to demonstrate compliance with this DPA.
On-site audits may be conducted no more than once per year with at least 30 days’ prior written notice and only if required by applicable law or regulatory authority.
10. Liability and Jurisdiction
This DPA is governed by the laws specified in the Terms of Service and subject to the same limitations of liability therein.
11. Contact Information
For inquiries related to this DPA, contact: hello@pricingcraft.com
This DPA forms part of the Terms of Service and is supplemented by our Privacy Policy.