Data Processing Agreement
Last Revised October 6, 2025
Overview
This Data Processing Agreement (“DPA”) reflects the requirements of the General Data Protection Regulation (GDPR) and the manner in which Neverminds Solution provides its Services in the European Union. This DPA supplements the Terms of Service between Neverminds Solution, LLC and the Customer. Capitalized terms that are not defined in this DPA have the meaning given to them in the Terms of Service.
1. Definitions
1.1 Affiliate means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity.
1.2 Alternative Transfer Solution means a lawful mechanism for the transfer of Personal Data other than the Standard Contractual Clauses.
1.3 Authorized Affiliate means any of Customer's Affiliates permitted to receive the benefit of the Services under the Terms of Service.
1.4 Control means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question.
1.5 Controller means the entity that determines the purposes and means of the Processing of Personal Data.
1.6 Customer Data means the data that Neverminds Solution Processes on behalf of the Customer in the course of providing the Services.
1.7 Data Protection Laws means all applicable privacy and data protection laws and regulations, including, where applicable, the GDPR, Directive 2002/58/EC, the Swiss Federal Data Protection Act, and the data protection laws of the European Union and the United Kingdom.
1.8 Personal Data means any Customer Data relating to an identified or identifiable natural person to the extent that it is protected as personal data under applicable Data Protection Laws.
1.9 Standard Contractual Clauses means the standard data protection clauses for the transfer of personal data to processors established in third countries, as approved under Article 46 of the GDPR.
1.10 Processor means the entity that Processes Personal Data on behalf of the Controller.
1.11 Processing has the meaning given to it in the GDPR.
1.12 Security Incident means an unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data.
1.13 Services means the products and services provided by Neverminds Solution under the Terms of Service.
1.14 Sub-processor means any third party or Affiliate engaged by Neverminds Solution to assist in delivering the Services.
2. Scope and Applicability
2.1 Application
This DPA applies to Personal Data that is subject to the Data Protection Laws of the European Union, the European Economic Area, Switzerland, and/or the United Kingdom.
2.2 Role of the Parties
As between the parties, the Customer acts as the Controller and Neverminds Solution acts as the Processor. Neverminds Solution may independently collect and Process data outside of the Customer's use of the Services.
2.3 Customer Obligations
The Customer shall comply with its obligations as a Controller under the Data Protection Laws and shall provide all notices and obtain all consents necessary for the Processing carried out under this DPA.
2.4 Neverminds Solution Processing
Neverminds Solution shall Process Personal Data only: (i) to perform the Services in accordance with the Terms of Service; (ii) as necessary to carry out steps in connection with that performance; and (iii) in accordance with the Customer's lawful and documented instructions.
2.5 Nature of the Data
Customer Data may include email addresses, social media postings, analytics, and authorization tokens. Processing includes storage for the purpose of maintaining the Service, providing customer support, and making disclosures required by law.
2.6 Neverminds Solution Data
Neverminds Solution retains the right to use operational data for billing, account management, support, product development, and marketing purposes.
3. Sub-processing
3.1 Authorized Sub-processors
The Customer authorizes the engagement of the following Sub-processors:
- Google LLC, United States
- Mailgun Technologies, United States
- Cloudflare, Inc., United States
- Stripe, Inc., United States
- DigitalOcean, LLC, United States
- Crisp IM S.A.S., France
- MailerLite, United States
- Pipedrive, United States
3.2 Sub-processor Obligations
Neverminds Solution enters into a written agreement with each Sub-processor imposing data protection terms that require the Sub-processor to protect the Personal Data to the standard required by Data Protection Laws.
3.3 Changes to Sub-processors
Updates to this document reflect the addition or removal of Sub-processors.
3.4 Objection to Sub-processors
The Customer may object to a Sub-processor on reasonable data protection grounds. The parties will discuss the Customer's concerns in good faith, and either party may terminate the affected Services if the concern cannot be resolved.
4. Security
4.1 Security Measures
Neverminds Solution implements commercially reasonable appropriate technical and organizational security measures designed to protect Personal Data against Security Incidents.
4.2 Confidentiality of Processing
Neverminds Solution ensures that personnel authorized to Process Personal Data are bound by an appropriate obligation of confidentiality (whether a contractual or statutory duty).
4.3 Security Incident Response
Upon confirmation of a confirmed breach, Neverminds Solution shall notify Customer without undue delay.
4.4 Updates to Security Measures
Neverminds Solution may update its security measures from time to time, provided that such updates do not degrade the overall security of the Services.
5. Security Reports and Audits
5.1 Security Documentation
Neverminds Solution maintains records of its security measures and, upon written request limited to once annually, provides certifications or audit summaries.
5.2 Audit Rights
Signatories to the Standard Contractual Clauses may conduct independent audits as provided for in those clauses.
6. International Transfers
6.1 Processing Locations
Personal Data originating in the EU, EEA, or Switzerland is stored in data centers located in the United States with appropriate safeguards under the Data Protection Laws.
6.2 Transfers of Data
Transfers of Personal Data to countries that do not ensure an adequate level of protection are governed by the Standard Contractual Clauses or an Alternative Transfer Solution as required by the Data Protection Laws.
6.3 Disclosure of Confidential Information Containing Personal Data
Where a signatory to the Standard Contractual Clauses discloses Personal Data, such disclosure is made in compliance with those clauses.
7. Return or Deletion of Data
7.1 Data Retention
Upon deactivation of the Services, all Personal Data shall be deleted, except as required to be retained by law or as archived on back-up systems in an isolated manner.
8. Cooperation
8.1 Reasonable Cooperation
Neverminds Solution provides reasonable technical and organizational assistance to the Customer in responding to requests from individuals exercising their rights and to data protection authorities, at the Customer's expense.
8.2 Data Protection Authority
Neverminds Solution provides information reasonably necessary to support data protection impact assessments, at the Customer's expense.
9. Miscellaneous
9.1 Terms of Service Prevalence
In the event of a conflict, this DPA takes precedence over conflicting provisions of the Terms of Service with respect to the Processing of Personal Data.
9.2 Integral to Terms
This DPA is incorporated into and forms part of the Terms of Service.
9.3 Liability
Nothing in this DPA limits or excludes either party's liability under the Data Protection Laws.
9.4 Governing Law
This DPA is governed by the laws of the State of New York, unless the Data Protection Laws require otherwise. See the Neverminds Solution Terms of Service.
The Standard Contractual Clauses referenced in this DPA are available via an annex document upon request.
Contact us
If you have questions regarding this Data Processing Agreement or about the security practices of Neverminds Solution, please contact us at contact@ayrshare.com.