Data Processing Addendum (DPA)

Data Processing Addendum (DPA)

Last updated: September 29, 2025

This Data Processing Addendum (“DPA”) forms part of the Terms of Service and/or any agreement between Gopanear (“Processor”) and the customer using Gopanear services (“Controller”).

The DPA reflects the parties’ agreement regarding the processing of personal data in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), UK GDPR, and California Consumer Privacy Act (CCPA).

  1. Definitions

    • Personal Data:Any information relating to an identified or identifiable natural person.
    • Processing: Any operation performed on Personal Data, such as collection, storage, access, transmission, or deletion.
    • Controller: The customer (you) who determines the purpose and means of processing Personal Data through the Gopanear platform.
    • Processor: Gopanear, which processes Personal Data on behalf of the Controller.
    • Sub-processor: Any third party engaged by Gopanear to process Personal Data.

  2. Scope of Processing

    Gopanear processes Personal Data only to provide its system builder services, including:

    • Hosting and deploying websites, webapps, and mobile apps.
    • Managing accounts, billing, domains, and integrations.
    • Providing support, monitoring, and analytics.
    • Enabling marketplace transactions (templates, add-ons, etc.).
    • Processing AI-generated content requests.

  3. Controller Responsibilities

    The Controller is responsible for:

    • Ensuring the lawful collection of Personal Data from end users.
    • Providing appropriate privacy notices and obtaining consents.
    • Determining the legal basis for Processing (e.g., consent, contract, legitimate interest).
    • Responding to requests from data subjects (access, deletion, portability, etc.).

  4. Processor Responsibilities

    Gopanear agrees to:

    • Process Personal Data only on documented instructions from the Controller.
    • Ensure staff authorized to process Personal Data are bound by confidentiality.
    • Implement appropriate technical and organizational security measures.
    • Notify the Controller without undue delay of any personal data breach.
    • Assist the Controller in fulfilling obligations regarding data subject rights.
    • Provide evidence of compliance upon request (subject to confidentiality).

  5. Sub-Processors

    • Gopanear may engage trusted third-party Sub-processors (e.g., cloud hosting providers, payment processors, AI service providers).
    • A current list of Sub-processors is available upon request.
    • Gopanear ensures that Sub-processors provide at least the same level of data protection as required under this DPA.

  6. International Data Transfers

    • Personal Data may be transferred outside the country of origin, including to countries without equivalent data protection laws.
    • Gopanear ensures such transfers comply with applicable regulations (e.g., EU Standard Contractual Clauses, UK Addendum, or other safeguards).

  7. Security Measures

    Gopanear maintains industry-standard security measures, including but not limited to:

    • Encryption in transit (TLS/HTTPS).
    • Access control, role-based permissions, and secure authentication.
    • Regular vulnerability testing and system monitoring.
    • Redundant backups and disaster recovery procedures.

  8. Data Breach Notification

    In the event of a confirmed personal data breach, Gopanear will:

    • Notify the Controller without undue delay.
    • Provide details of the breach, likely impact, and steps taken.
    • Cooperate with the Controller in remediation and notification of authorities if required.

  9. Data Retention & Deletion

    • Personal Data will be retained only for as long as necessary to provide services or comply with legal obligations.
    • Upon account termination or at the Controller’s request, Gopanear will delete or return Personal Data, except where retention is required by law.

  10. Audits

    • The Controller may request audit information to verify compliance with this DPA.
    • Audits will be limited to once annually, during normal business hours, and must not disrupt Gopanear operations.

  11. Liability & Indemnification

    • Each party’s liability under this DPA is subject to the limitations of liability set forth in the main agreement between the parties.

  12. Term & Termination

    • This DPA remains in effect as long as Gopanear processes Personal Data on behalf of the Controller. Upon termination, all Personal Data will be deleted or returned, unless otherwise required by law.

  13. Governing Law

    • This DPA will be governed by the same laws that apply to the underlying agreement between Gopanear and the Controller.

Contact for Data Protection Matters

Email : privacy@gopanear.com
Address : 4th Floor, Office No-410, Unique Square, Singanpore, Katargam,Surat City, Surat- 395004, Gujarat, India.