1. Definitions
- Personal Data means information relating to an identified or identifiable individual.
- Processing means any operation performed on Personal Data.
- Controller, Processor, and Subprocessor have the meanings given under applicable data protection laws.
2. Roles of the Parties
- The Customer is the Data Controller.
- Ribbit is the Data Processor.
- Ribbit processes Personal Data only on documented instructions from the Customer.
3. Scope of Processing
- Nature: hosting, storage, transmission, and processing of data.
- Purpose: providing Ribbit services.
- Types of data: user identifiers, email addresses, user-generated content, transaction data, and analytics data.
- Categories of data subjects: end users, advertisers, and business customers.
4. Security Measures
- Encryption at rest and in transit.
- Access controls.
- Logging and monitoring.
- Secure infrastructure.
- Regular security testing.
5. Subprocessors
- Firebase.
- Twilio.
- ID Analyzer.
- Apple Wallet.
- Tango Card.
- SendGrid.
- Stripe or PayPal.
- Google Analytics.
- Agora if enabled.
- Ribbit remains responsible for subprocessor compliance.
6. Data Subject Rights
Ribbit will assist the Customer in responding to data subject requests.
7. Data Breach Notification
Ribbit will notify the Customer without undue delay after becoming aware of a Personal Data breach.
8. International Transfers
Where applicable, Ribbit relies on standard contractual clauses or equivalent safeguards.
9. Data Retention and Deletion
Upon termination of services, Ribbit will delete or return Personal Data unless legally required to retain it.
10. Audit Rights
Customers may request documentation demonstrating Ribbit's compliance.
11. Governing Law
This DPA is governed by the laws of California, United States.