← Back to It's Buzzing # Data Processing Addendum (DPA) It's Buzzing, LLC Effective Date: January 2026 Applies To: All Business Accounts

1. Purpose and Scope

This Data Processing Addendum ("DPA") forms part of the Terms and Conditions between It's Buzzing, LLC ("Processor," "we," "us") and the customer entity using the Services ("Controller," "Business," "you").

This DPA governs the processing of Personal Data by It's Buzzing on behalf of the Business in connection with the Services.

2. Roles of the Parties

The Business determines the purposes and means of processing Personal Data. It's Buzzing processes Personal Data only on documented instructions from the Business.

3. Categories of Data Subjects

Personal Data may relate to:

  • Customers and prospective customers
  • Leads and referrals
  • Ambassadors and affiliates
  • Employees, contractors, or volunteers
  • Church members and attendees (where applicable)
  • Campaign recipients and participants

    • 4. Categories of Personal Data

    Depending on features used, Personal Data may include:

  • Names, email addresses, phone numbers
  • Business contact information
  • Referral attribution data
  • Communication metadata (opens, clicks, timestamps)
  • Reward eligibility and redemption records
  • Attendance or participation data (church features)
  • IP addresses and device identifiers
    • Sensitive data is not required and should not be uploaded unless explicitly authorized by law.

    5. Processing Activities

    Processing activities may include:

  • Data storage and hosting
  • Campaign execution (email, SMS, notifications)
  • Referral tracking and attribution
  • Reward processing and fulfillment
  • Analytics and reporting
  • AI-assisted optimization
  • Security monitoring and audit logging
  • Customer support and troubleshooting

    • 6. Business Obligations

    The Business represents and warrants that:

  • It has obtained all required consents and lawful bases for data collection and processing
  • Uploaded data is accurate and lawfully obtained
  • Communications comply with CAN-SPAM, TCPA, GDPR, CASL, and applicable laws
  • It will not upload unlawful, deceptive, or prohibited data
  • It maintains appropriate data subject disclosures and privacy notices

    • 7. Processor Obligations

    It's Buzzing agrees to:

  • Process data only on documented instructions from the Business
  • Maintain appropriate technical and organizational safeguards
  • Ensure confidentiality obligations for personnel with access to Personal Data
  • Assist with reasonable data subject requests (access, deletion, portability)
  • Notify Business of confirmed data breaches without undue delay
  • Delete or return data upon termination (subject to legal retention requirements)

    • 8. Subprocessors

    It's Buzzing may engage subprocessors, including but not limited to:

  • Cloud hosting providers (AWS, Google Cloud, etc.)
  • Payment processors (Stripe)
  • Reward fulfillment providers (Giftbit)
  • Email/SMS delivery services
  • Analytics providers
  • Customer support tools

    • A current list may be provided upon request. It's Buzzing remains responsible for subprocessors' compliance with this DPA.

    9. International Transfers

    Where applicable, data may be processed in the United States or other jurisdictions where subprocessors operate. Appropriate safeguards (Standard Contractual Clauses, adequacy decisions, etc.) are applied where required by law.

    10. Data Retention and Deletion

    Upon termination of the Services:

  • Business data is retained for 30 days to allow recovery or export
  • Thereafter, data is deleted or anonymized unless retention is required by law
  • Certain financial records may be retained for tax compliance (typically 7 years)

    • Businesses may request earlier deletion by contacting privacy@itsbuzzing.com.

    11. Audits

    Business may request reasonable documentation demonstrating compliance with this DPA. Physical audits or on-site inspections require:

  • Advance written notice (at least 30 days)
  • Confidentiality agreements
  • Compliance with It's Buzzing's security protocols
  • Limitation to once per year unless required by regulatory investigation

    • 12. Liability Allocation

    Nothing in this DPA increases It's Buzzing's liability beyond the limits set forth in the Terms and Conditions.

    13. Governing Law

    This DPA is governed by the same law and dispute resolution provisions as the Terms and Conditions.

    14. Contact Information

    Data Protection Officer (if applicable): Email: privacy@itsbuzzing.com General Support: Email: support@itsbuzzing.com

    It's Buzzing, LLC | Trust Center | Legal Documents

    Questions? Contact us at legal@itsbuzzing.com