← Back to It's Buzzing # Data Processing Addendum (DPA) It's Buzzing, LLC Effective Date: January 2026 | Last Updated: April 2026 Applies To: All Business Accounts

---

1. Purpose and Scope

This Data Processing Addendum ("DPA") forms part of the Terms and Conditions between It's Buzzing, LLC ("Processor," "we," "us") and the customer entity using the Services ("Controller," "Business," "you").

This DPA governs the processing of Personal Data by It's Buzzing on behalf of the Business in connection with the Services and applies to all features and tools offered on the platform, including CRM, referral management, ambassador program tools, BuzzPins, community features, church hub features, digital store, and media tools.

---

2. Roles of the Parties

Where It's Buzzing independently determines the purposes and means of processing (e.g., for fraud prevention, platform security, or legal compliance), It's Buzzing acts as an independent data controller with respect to that processing only.

---

3. Categories of Data Subjects

Personal Data processed under this DPA may relate to:

  • Customers and prospective customers of the Business
  • Leads, referrals, and contacts managed through the CRM
  • Ambassadors and affiliates associated with the Business
  • Employees, contractors, or volunteers of the Business
  • Church members, attendees, and ministry participants (where applicable)
  • Campaign recipients and participants
  • BuzzPin users and visitors interacting with business listings
  • Digital store purchasers and content recipients

    • ---

    4. Categories of Personal Data

    Depending on features used, Personal Data may include:

  • Names, email addresses, phone numbers, and physical addresses
  • Business contact information and professional details
  • Referral and attribution data (ambassador codes, referral links, conversion events)
  • Communication metadata (opens, clicks, delivery timestamps)
  • Reward eligibility, balance, and redemption records
  • Commission data, payout records, and 1099 eligibility information
  • Attendance and participation records (church and event features)
  • IP addresses and device identifiers
  • Purchase records and digital product entitlement data
  • Media consumption data (Infinity Player playlists, sources)
  • BuzzPin submission data and business listing information
    • Sensitive data categories (health, biometric, religious belief, political opinion, etc.) are not required for use of the Services and should not be uploaded unless the Business has explicit legal authorization to do so and has disclosed this to affected data subjects.

    ---

    5. Processing Activities

    Processing activities carried out by It's Buzzing on behalf of the Business may include:

  • Data storage and hosting
  • Campaign execution (email, SMS, push notifications)
  • Referral tracking and attribution
  • Ambassador commission calculation and payout coordination
  • Reward processing and fulfillment
  • Analytics, reporting, and performance insights
  • AI-assisted content optimization and generation
  • Security monitoring, audit logging, and fraud prevention
  • Customer support and troubleshooting
  • BuzzPin management and neighborhood map operations

    • ---

    6. Business Obligations

    The Business represents and warrants that:

  • It has obtained all required consents, lawful bases, and legal authorizations for the collection and processing of Personal Data it provides to It's Buzzing
  • All data uploaded or transmitted through the Services was obtained lawfully and accurately
  • Communications sent through the platform comply with CAN-SPAM, TCPA, GDPR, CASL, and all other applicable laws
  • The Business will not upload, transmit, or use unlawful, deceptive, stolen, or prohibited data through the Services
  • The Business maintains appropriate privacy notices, disclosures, and data subject rights processes for its own customers and contacts
  • The Business will promptly notify It's Buzzing of any data subject rights request that requires It's Buzzing's assistance

    • ---

    7. Processor Obligations

    It's Buzzing agrees to:

  • Process Personal Data only on documented instructions from the Business, except where required by applicable law
  • Maintain appropriate technical and organizational safeguards to protect Personal Data
  • Ensure that personnel with access to Personal Data are bound by appropriate confidentiality obligations
  • Assist the Business with reasonable data subject requests (access, deletion, portability, correction) to the extent technically feasible
  • Notify the Business of any confirmed personal data breach affecting the Business's data without undue delay and within the timeframe required by applicable law
  • Delete or return Business data upon termination of the Services, subject to legal retention requirements
  • Not engage in additional processing activities for which the Business has not provided instructions, except as required by law

    • ---

    8. Subprocessors

    It's Buzzing may engage subprocessors to assist with delivery of the Services. Current subprocessors include, but are not limited to:

  • Cloud hosting and infrastructure providers (e.g., AWS, Google Cloud, Cloudflare)
  • Payment processors (Stripe)
  • Reward fulfillment providers (Giftbit)
  • Email and SMS delivery services (Mailchimp, Brevo, Firebase)
  • AI processing providers (Anthropic, Google)
  • Analytics providers
  • Customer support tools
  • Media storage and delivery (Cloudflare R2)

    • A current list of subprocessors may be provided upon request. It's Buzzing remains responsible for ensuring that any subprocessor processes Personal Data in a manner consistent with this DPA.

    It's Buzzing will provide reasonable advance notice of material changes to its subprocessor list. If the Business objects to a new subprocessor, the parties will work in good faith to resolve the concern. If no resolution is reached, the Business may terminate the Services with reasonable notice.

    ---

    9. International Transfers

    Where applicable, Personal Data may be processed in the United States or in other jurisdictions where It's Buzzing or its subprocessors operate. For transfers from the European Economic Area (EEA), United Kingdom, or other jurisdictions with transfer restrictions, appropriate safeguards are applied as required by law, including but not limited to Standard Contractual Clauses or other valid transfer mechanisms.

    ---

    10. Data Retention and Deletion

    Upon termination of the Services:

  • Business data is retained for 30 days to allow recovery or export
  • Thereafter, data is deleted or anonymized unless retention is required by applicable law or regulation
  • Financial records (including commission, reward, and subscription data) may be retained for a minimum of 7 years for tax and regulatory compliance
  • Ambassador attribution data is retained for the duration of the ambassador relationship plus 7 years for audit and compliance purposes

    • Businesses may request earlier deletion by contacting privacy@itsbuzzing.com. Deletion requests are subject to legal retention requirements and may not apply to all data categories.

    ---

    11. Audits and Compliance Documentation

    The Business may request reasonable documentation demonstrating It's Buzzing's compliance with this DPA, including relevant certifications, security summaries, or policy documents.

    Physical audits or on-site inspections of It's Buzzing's systems are subject to the following conditions:

  • Advance written notice of at least 30 days
  • Execution of appropriate confidentiality agreements
  • Compliance with It's Buzzing's security and operational protocols
  • Limitation to once per calendar year unless required by a specific regulatory investigation

    • Audit costs are borne by the Business unless the audit reveals a material breach by It's Buzzing.

    ---

    12. Liability Allocation

    Nothing in this DPA increases It's Buzzing's aggregate liability beyond the limits set forth in the Terms and Conditions. This DPA does not create any additional rights for data subjects against It's Buzzing beyond those established in the Privacy Policy and applicable law.

    ---

    13. Governing Law

    This DPA is governed by the same governing law and dispute resolution provisions as the Terms and Conditions.

    ---

    14. Contact Information

    Privacy and Data Protection Inquiries: Email: privacy@itsbuzzing.com General Support: Email: support@itsbuzzing.com Legal Inquiries: Email: legal@itsbuzzing.com

    It's Buzzing, LLC | Trust Center | Legal Documents

    Questions? Contact us at legal@itsbuzzing.com