1. Overview
This Data Processing Addendum ("DPA") forms part of the Terms of Service between BrainGrid Digital ("Processor") and the customer ("Controller") for the processing of personal data in connection with BrainGrid Digital products and services.
This DPA applies where BrainGrid Digital processes personal data on behalf of the customer and applicable data protection laws require a data processing agreement.
2. Definitions
Personal Data: Information relating to an identified or identifiable natural person as defined by applicable data protection laws.
Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
Controller: The entity that determines the purposes and means of processing personal data.
Processor: The entity that processes personal data on behalf of the Controller.
Data Subject: An identified or identifiable natural person whose personal data is processed.
Applicable Laws: GDPR, CCPA, and other applicable data protection and privacy laws.
Services: BrainGrid Digital products including Power AI Tools, Academy by BrainGrid Digital, SocialProofo, and related services.
3. Scope and Applicability
Applicability
This DPA applies when:
- Customer uses BrainGrid Digital services
- Personal data is processed as part of service delivery
- Applicable data protection laws require a DPA
Personal Data Processed
Types of personal data may include:
- Account information (name, email, company)
- Usage data (activity logs, feature usage)
- Content data (user-generated content, inputs)
- Technical data (IP addresses, device information)
- Communication data (support requests, messages)
Specific data types depend on the services used and customer configuration.
4. Roles and Responsibilities
BrainGrid Digital (Processor)
BrainGrid Digital shall:
- Process personal data only on documented instructions from the Controller
- Ensure personnel are bound by confidentiality obligations
- Implement appropriate technical and organizational security measures
- Assist with data subject rights requests where feasible
- Notify Controller of data breaches without undue delay
- Delete or return personal data upon termination where required
- Make available information necessary to demonstrate compliance
Customer (Controller)
Customer shall:
- Comply with applicable data protection laws
- Ensure lawful basis for processing
- Provide clear instructions for data processing
- Obtain necessary consents from data subjects
- Respond to data subject rights requests
- Maintain records of processing activities
5. Data Processing Instructions
BrainGrid Digital processes personal data:
- To provide the Services as described in the Terms of Service
- To maintain and improve the Services
- To provide customer support
- To ensure security and prevent fraud
- As otherwise instructed by the customer through service configuration
Customer instructions are documented through:
- Service agreements
- Product configuration settings
- Support requests
- This DPA
6. Security Measures
BrainGrid Digital implements technical and organizational measures including:
Technical Measures
- Encryption of data in transit and at rest where appropriate
- Access controls and authentication
- Network security measures
- Security monitoring and logging
- Regular security assessments
Organizational Measures
- Security policies and procedures
- Personnel training
- Incident response procedures
- Vendor management
- Access restrictions
Security measures are reviewed and updated periodically.
7. Subprocessors
Use of Subprocessors
BrainGrid Digital may engage subprocessors to assist in providing Services.
Subprocessors may include:
- Cloud infrastructure providers
- Payment processors
- Email service providers
- Analytics providers
- Support platforms
Subprocessor Obligations
BrainGrid Digital shall:
- Conduct appropriate due diligence
- Impose data protection obligations on subprocessors
- Remain liable for subprocessor performance
Subprocessor Changes
BrainGrid Digital may update subprocessors from time to time.
Current subprocessor information may be requested by contacting support@braingriddigital.com.
8. Data Subject Rights
BrainGrid Digital shall, to the extent legally permitted and where technically feasible:
- Assist Controller in responding to data subject requests
- Provide reasonable cooperation for rights fulfillment
- Implement technical measures to facilitate rights exercise
Data subject rights may include:
- Access
- Rectification
- Erasure
- Restriction
- Portability
- Objection
Controller remains primarily responsible for responding to data subject requests.
9. Data Transfers
Personal data may be transferred to and processed in countries outside the customer's jurisdiction.
Where required by applicable law, BrainGrid Digital implements appropriate safeguards including:
- Standard contractual clauses
- Adequacy decisions
- Other legally recognized transfer mechanisms
10. Audits and Compliance
Audit Rights
Upon reasonable written notice, Controller may:
- Request information about BrainGrid Digital's compliance with this DPA
- Conduct audits or inspections where required by applicable law
Audit rights are subject to:
- Reasonable advance notice
- Confidentiality obligations
- Non-disruption of operations
- Reimbursement of reasonable costs
Compliance Documentation
BrainGrid Digital may provide:
- Security documentation
- Compliance certifications where available
- Attestations
- Audit reports
11. Data Breach Notification
In the event of a personal data breach, BrainGrid Digital shall:
- Notify Controller without undue delay after becoming aware
- Provide available information about the breach
- Take reasonable steps to mitigate harm
- Cooperate with Controller's breach response
Notification shall include, where available:
- Nature of the breach
- Categories and approximate number of data subjects affected
- Likely consequences
- Measures taken or proposed
12. Data Retention and Deletion
Retention
Personal data is retained as long as necessary to:
- Provide Services
- Comply with legal obligations
- Resolve disputes
- Enforce agreements
Deletion
Upon termination or expiration of Services, BrainGrid Digital shall:
- Delete or return personal data as instructed by Controller
- Delete existing copies unless legally required to retain
Deletion is subject to:
- Technical limitations
- Backup retention periods
- Legal retention requirements
13. Liability and Indemnification
Liability
Each party's liability under this DPA is subject to the limitations set forth in the Terms of Service.
Indemnification
BrainGrid Digital shall indemnify Controller for claims arising from BrainGrid Digital's breach of this DPA, subject to Terms of Service limitations.
14. Term and Termination
This DPA remains in effect for the duration of the Services agreement.
Upon termination:
- Data processing obligations continue until data deletion
- Confidentiality obligations survive
- Audit rights may survive for a reasonable period
15. Contact Information
For DPA-related inquiries:
- Legal: legal@braingriddigital.com
- Privacy: legal@braingriddigital.com
- Support: support@braingriddigital.com
BrainGrid Digital
Software Product Company
https://braingriddigital.com
Summary
This Data Processing Addendum establishes the terms under which BrainGrid Digital processes personal data on behalf of customers.
BrainGrid Digital commits to:
- Processing data only on customer instructions
- Implementing appropriate security measures
- Assisting with data subject rights
- Notifying of data breaches
- Complying with applicable data protection laws
Customers remain responsible for ensuring lawful processing and responding to data subject requests.