Skip to main content

Data Processing Addendum

Last updated: June 5, 2026

This Data Processing Addendum ("DPA") forms part of the agreement between AdTempo LLC ("Ad Tempo," "we," "us," or "our") and the customer ("Customer," "you") that accepted the Ad Tempo Terms of Service or another written agreement governing use of the Services (the "Agreement"). It governs our processing of Personal Data on your behalf in connection with the Services. Where this DPA conflicts with the Agreement on the subject of data protection, this DPA controls.

Disclaimer: This document is a starting template tailored to Ad Tempo. It is not legal advice. Have it reviewed by qualified counsel before relying on it.

1. Definitions

2. Roles and Scope

With respect to Customer Personal Data, you act as the Controller (or processor on behalf of your own controllers) and Ad Tempo acts as the Processor (or sub-processor). Each party will comply with its obligations under Applicable Data Protection Law. The subject matter, duration, nature, purpose, types of Personal Data, and categories of Data Subjects are set out in Annex I.

3. Processing Instructions

We will process Customer Personal Data only on your documented instructions, including as set out in the Agreement, this DPA, and your configuration and use of the Services, unless required to do otherwise by law (in which case we will, where legally permitted, inform you). Your instructions must comply with Applicable Data Protection Law, and you are responsible for the accuracy, quality, and legality of Customer Personal Data and the means by which you acquired it. We will inform you if, in our opinion, an instruction infringes Applicable Data Protection Law.

4. Confidentiality

We will ensure that personnel authorized to process Customer Personal Data are bound by appropriate confidentiality obligations and process such data only as necessary to provide the Services.

5. Security

Taking into account the state of the art, costs of implementation, and the nature, scope, context, and purposes of processing, we will implement appropriate technical and organizational measures to protect Customer Personal Data, as described in Annex II. We will not materially decrease the overall protection of those measures during the term.

6. Sub-processors

You provide general authorization for us to engage Sub-processors to process Customer Personal Data, subject to this Section. We will: (a) maintain a current list of Sub-processors (Annex III); (b) impose data-protection obligations on each Sub-processor that are no less protective than those in this DPA; (c) remain liable for each Sub-processor's performance; and (d) provide notice of the addition or replacement of a Sub-processor with a reasonable opportunity for you to object on reasonable data-protection grounds. If you reasonably object and we cannot accommodate the objection, you may terminate the affected Services.

7. Data Subject Rights

Taking into account the nature of the processing, we will provide reasonable assistance, including by appropriate technical and organizational measures and in-product functionality, to enable you to respond to requests from Data Subjects to exercise their rights (access, rectification, erasure, restriction, portability, and objection) under Applicable Data Protection Law. If we receive such a request directly, we will, where legally permitted, refer the Data Subject to you.

Where you connect your own data warehouse (e.g., BigQuery, Snowflake, Redshift) as a first-party data source, that warehouse is your system of record and remains under your control. When you erase a Data Subject in the Services, Ad Tempo deletes our copy of that subject's first-party events and adds the identifier to an erasure-suppression list so a subsequent warehouse sync will not re-import the subject. Deleting the upstream record in your own warehouse is your responsibility as Controller — Ad Tempo cannot and does not delete data from systems you control.

8. Personal Data Breach

We will notify you without undue delay after becoming aware of a Personal Data Breach affecting Customer Personal Data and will provide information reasonably available to us to assist you in meeting your breach-notification obligations. Our notification is not an acknowledgment of fault or liability.

9. Data Protection Impact Assessments

Taking into account the nature of processing and information available to us, we will provide reasonable assistance with data protection impact assessments and prior consultations with supervisory authorities that you are required to carry out under Applicable Data Protection Law.

10. Deletion or Return of Data

Upon termination or expiry of the Agreement, or earlier upon your written request, we will delete or return Customer Personal Data and delete existing copies within 30 days, except to the extent retention is required by law or for the establishment, exercise, or defense of legal claims. You may also delete Customer Personal Data, and disconnect connected platforms, through the Services at any time. See also our Data Deletion process at https://adtempo.io/data-deletion.

11. Audits

We will make available information reasonably necessary to demonstrate compliance with this DPA and will allow for and contribute to audits, including inspections, conducted by you or an auditor you mandate, subject to reasonable notice, confidentiality, and frequency limits. We may satisfy this obligation by providing third-party certifications or audit reports where available.

12. International Transfers

To the extent our processing involves the transfer of Customer Personal Data from the EEA, UK, or Switzerland to a country that does not provide an adequate level of protection, the parties agree that the applicable Standard Contractual Clauses (and/or the UK International Data Transfer Addendum) are incorporated into this DPA by reference and apply to such transfers, with the parties' details and selected options completed by reference to this DPA and Annexes.

13. California Consumer Privacy

To the extent we process Personal Data of California residents on your behalf, we act as a Service Provider. We will not: (a) sell or share such Personal Data; (b) retain, use, or disclose it for any purpose other than performing the Services or as otherwise permitted by the CCPA/CPRA; (c) retain, use, or disclose it outside the direct business relationship; or (d) combine it with Personal Data from other sources except as permitted by the CCPA/CPRA. We certify that we understand and will comply with these restrictions.

14. Liability

Each party's liability under this DPA is subject to the limitations and exclusions of liability set out in the Agreement.

15. Term

This DPA takes effect on the effective date of the Agreement and remains in effect until we cease processing Customer Personal Data. Provisions intended to survive termination will survive.

16. General

This DPA is governed by the law and jurisdiction stated in the Agreement, unless required otherwise by Applicable Data Protection Law. If any provision is invalid, the remainder remains in effect.

Annex I — Details of Processing

Annex II — Technical and Organizational Measures

Annex III — Sub-processors

Ad Tempo engages the following categories of Sub-processors to provide the Services. A current, specific list is available on request at [email protected].

Connected advertising and analytics platforms (e.g., Meta, TikTok, X, Google) are not Sub-processors; they are independent controllers/recipients to which we send API requests at your direction.