Data Processing Agreement

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between you (“Data Controller”) and ChurnSafe (“Data Processor”).

Definitions

• Personal Data: Any information relating to an identified or identifiable natural person.
• Processing: Any operation performed on Personal Data, including collection, storage, analysis, and deletion.
• Sub-processor: A third party engaged by ChurnSafe to process Personal Data on behalf of the Data Controller.

Scope of Processing

ChurnSafe processes Personal Data solely to provide the churn prevention services described in our Terms of Service. This includes:

• Receiving and storing behavioral event data from the JavaScript embed
• Computing churn risk scores based on user behavior patterns
• Generating and sending intervention emails on the Data Controller’s behalf
• Providing analytics and reporting through the dashboard

Data Controller Obligations

You are responsible for:

• Ensuring a lawful basis for processing (consent, legitimate interest, etc.)
• Providing appropriate privacy notices to your end users
• Responding to data subject access requests
• Ensuring data accuracy

Data Processor Obligations

ChurnSafe will:

• Process Personal Data only on documented instructions from the Data Controller
• Ensure personnel are bound by confidentiality obligations
• Implement appropriate technical and organizational security measures
• Assist the Data Controller in responding to data subject requests
• Delete or return all Personal Data upon termination of the agreement
• Make available information necessary to demonstrate compliance

Security Measures

ChurnSafe implements the following security measures:

• Encryption in transit (TLS 1.3) and at rest
• Tenant isolation at the database level
• Access controls and authentication
• Regular security assessments
• PII scrubbing in error monitoring systems
• Automated data purge for expired records

Sub-processors

ChurnSafe engages sub-processors as listed on our Sub-processors page. We will notify you of any changes to our sub-processor list.

Data Transfers

Data is processed on Cloudflare’s global edge network. Where data transfers occur outside your jurisdiction, appropriate safeguards are in place.

Data Breach Notification

In the event of a Personal Data breach, ChurnSafe will notify the Data Controller without undue delay and no later than 72 hours after becoming aware of the breach.

Term and Termination

This DPA is effective for the duration of the Terms of Service. Upon termination, ChurnSafe will delete all Personal Data within 30 days unless retention is required by law.

Contact

For DPA-related inquiries, contact us at dpa@churnsafe.co.