Data Processing Addendum (DPA)

Effective Date: April 4, 2026

1. Purpose

This Data Processing Addendum (“DPA”) forms part of the Terms of Service and governs the processing of Personal Data when UseLocalGuide (“Processor”) processes data on behalf of the Customer (“Controller”).

2. Scope of Processing

• Processing of Google Business Profile data authorized by the Customer.
• AI-generated drafts based on review and post data.
• Automation logs and usage analytics.

3. Customer Responsibilities

Customer represents that it has lawful basis to process all Personal Data submitted to the Service and to instruct Processor to process such data.

4. Security Measures

Processor implements reasonable technical and organizational safeguards including access controls, encrypted transmission (HTTPS), and restricted database access.

5. Subprocessors

Processor may use third-party subprocessors (hosting providers, infrastructure, AI providers, payment processors) under appropriate confidentiality and data protection obligations.

6. Data Subject Rights

Processor will reasonably assist Customer in responding to data subject requests under GDPR/CCPA, to the extent applicable and technically feasible.

7. Data Retention & Deletion

Upon termination of services, Customer may request deletion of stored personal data, subject to legal retention obligations.

8. International Transfers

Data may be processed in jurisdictions where infrastructure providers operate. Standard contractual safeguards may apply where required.

This DPA is incorporated into and governed by the Terms of Service.