Data Processing Addendum (DPA)

1. Purpose and Scope

This Data Processing Addendum ("DPA") forms part of the Terms of Service or any other written agreement between Lineup Software LLC ("Processor" or "Lineup") and the customer ("Controller" or "Client").

The DPA describes how Lineup processes personal data on behalf of Clients who use our platform.

2. Roles and Responsibilities

Controller (You) – the entity that determines the purpose and means of processing personal data.

Processor (Lineup) – the entity that processes personal data on behalf of the Controller.

Lineup acts as a Processor for all customer data entered or uploaded into the Service.

3. Data Processing Activities

• Subject matter: Operation and improvement of the Lineup platform.
• Duration: For as long as the Client uses the Service or until data deletion upon request.
• Nature and purpose: Hosting, storage, analytics, and collaboration functionality.
• Types of personal data: Names, emails, user identifiers, campaign data, uploaded materials, and other information entered by users.
• Categories of data subjects: Users, team members, creators, clients, and others whose information is submitted to Lineup.

4. Processor Obligations

Lineup agrees to:

• Process data only under your instructions and for the purposes defined in this DPA.
• Keep data confidential and ensure that employees and contractors are bound by confidentiality obligations.
• Implement appropriate security measures, including encryption, access controls, and secure hosting (via Supabase and Vercel).
• Assist you with responding to data access, correction, or deletion requests where possible.
• Notify you without undue delay of any confirmed data breach affecting your data.
• Delete or return data upon termination of services, unless legal obligations require retention.
• Maintain records of processing activities in compliance with applicable law.

5. Sub-Processors

Lineup uses carefully selected third-party sub-processors to provide the Service.

Current sub-processors include:

• Supabase – database and authentication
• Vercel – application hosting
• Stripe – billing and payments
• Google – analytics, authentication, and cloud services

Each sub-processor is bound by written agreements requiring equivalent data protection standards.

6. International Transfers

Lineup stores and processes all data in the United States.

We do not currently transfer data internationally.

7. Security Measures

We use commercially reasonable technical and organizational measures to protect personal data, including:

• Data encryption in transit and at rest
• Access control with authentication and logging
• Network and application firewalls
• Regular backups and monitoring

8. Audits

Upon reasonable request, Lineup will provide information necessary to demonstrate compliance with this DPA.

Formal audits can be arranged under a mutual non-disclosure agreement and at the Client's expense.

9. Liability

Each party's liability under this DPA is subject to the limitations set out in the underlying Terms of Service.

10. Term and Termination

This DPA remains in effect for as long as Lineup processes data on behalf of the Client.

Upon termination, Lineup will delete or return all personal data within 30 days, unless legally required to retain it.

11. Contact

For any privacy or data protection questions, contact: