Data Processing Agreement (DPA)
Last updated: June 18, 2026
1. Purpose and parties
This Data Processing Agreement (« DPA ») supplements the Terms and applies when Seedlane processes personal data on behalf of the Client (brand, agency, or subscribed professional) under GDPR Art. 28.
Data controller (Client): the legal entity or professional holding the Seedlane account.
Processor: Jérémy Froment, sole proprietor, SIRET 885 302 950 00013, contact@seedlane.app, privacy@seedlane.app.
2. Processing description
Nature and purpose: hosting, organizing, and tracking data related to the Client's gifting programs (creator contacts, pipeline statuses, logistics and content information).
Duration: for the subscription term and until data deletion per the Terms.
Categories of data subjects: micro-influencers and content creators whose data is entered or imported by the Client.
Categories of data: identity and contact (name, handle, email, postal address if provided), gifting activity (status, SKU, tracking, publication URL), internal notes.
3. Processor obligations
Seedlane undertakes to:
- process data only on documented instructions from the Client (use of the Service);
- ensure confidentiality of persons authorized to process data;
- implement appropriate security measures (encryption in transit, restricted access, EU hosting for Supabase application data);
- not engage sub-processors without prior Client information (list in section 4);
- assist the Client in responding to data subject rights requests, where possible;
- notify the Client without undue delay of personal data breaches;
- at contract end, delete or return data per Client choice, except legal retention obligations.
4. Sub-processors
The Client authorizes Seedlane to use the following sub-processors, subject to equivalent contractual guarantees:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication | European Union |
| Vercel | Application hosting | EU / US |
| Stripe | Billing (Client data, not influencers) | EU / international |
Seedlane will inform the Client of material sub-processor changes via the Privacy Policy.
5. Instructions, audits, and liability
The Client remains sole data controller for influencer data they import (legal basis, informing data subjects, records). Seedlane acts on Client instructions via Service configuration and use.
The Client may request security information at privacy@seedlane.app. On-site audits are not provided except legal obligation or documented major incident.
If the DPA conflicts with the Terms on data processing, this DPA prevails.
6. Contact and updates
DPA questions: privacy@seedlane.app (copy: contact@seedlane.app).
Last updated: June 19, 2026.