Data Processing Agreement

This Data Processing Agreement ("DPA") supplements and forms part of the Terms of Service between BringToLife ("we," "us," or "our") and you ("Customer" or "you"). This DPA governs the processing of personal data by BringToLife on behalf of Customer in connection with the services we provide.

By using our services, you agree to this DPA. If you do not agree, you may not use our services.

• "Personal Data" means any information relating to an identified or identifiable natural person that is processed by us on your behalf.
• "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.
• "Data Subject" means the natural person to whom Personal Data relates.
• "Subprocessor" means any third party that processes Personal Data on our behalf. See our Subprocessors page for a complete list.

We process Personal Data on your behalf to provide our logo animation services, including:

• Account creation and authentication
• Logo file processing and animation generation
• Project storage and management
• Payment processing and subscription management
• Customer support and communication
• Service improvement and analytics

We will only process Personal Data in accordance with your instructions and this DPA, unless required by applicable law.

We implement and maintain appropriate technical and organizational measures to protect Personal Data against unauthorized access, loss, destruction, or alteration. These measures include:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and updates
• Incident response procedures
• Employee training on data protection

We may engage Subprocessors to process Personal Data on our behalf. We maintain a current list of Subprocessors, which you can view on our Subprocessors page.

We require all Subprocessors to:

• Process Personal Data only in accordance with our instructions
• Implement appropriate security measures
• Comply with applicable data protection laws
• Notify us of any data breaches

We will notify you of any changes to our Subprocessors. If you object to a new Subprocessor, you may terminate your use of our services in accordance with our Terms of Service.

We will assist you in responding to requests from Data Subjects to exercise their rights under applicable data protection laws, including:

• Right to access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to object

We will respond to your requests for assistance within a reasonable timeframe and in accordance with applicable law.

We will retain Personal Data only for as long as necessary to provide our services or as required by law. Upon termination of your account or upon your request, we will:

• Delete or return Personal Data to you, unless retention is required by law
• Delete all copies of Personal Data in our possession, subject to backup retention periods
• Provide certification of deletion upon request

Some data may be retained in backups for a limited period after deletion, but will not be actively processed.

In the event of a data breach affecting Personal Data, we will:

• Notify you without undue delay after becoming aware of the breach
• Provide information about the nature of the breach, categories of data affected, and measures taken
• Assist you in meeting your obligations to notify Data Subjects or authorities, as required by law
• Take reasonable steps to mitigate the effects of the breach

Personal Data may be transferred to and processed in countries outside of your jurisdiction. We ensure that such transfers comply with applicable data protection laws through:

• Standard contractual clauses approved by relevant authorities
• Other appropriate safeguards as required by law
• Compliance with applicable data protection frameworks

Upon reasonable notice and during normal business hours, you may audit our compliance with this DPA, subject to:

• Confidentiality obligations
• Limitations on frequency (no more than once per year, unless required by law)
• Your payment of reasonable audit costs
• Our right to use independent third-party certifications or audits to satisfy audit requests

For questions about this DPA or our data processing practices, please contact us:

Last Updated: March 6, 2026