datacrow

Data Processing Agreement

Last updated: June 13, 2026

This Data Processing Agreement (DPA) forms part of the agreement between the merchant (Controller) and Milo Ketterhagen d/b/a DataCrow (Processor, DataCrow) for use of the Service, and applies to the extent DataCrow processes personal data on the Controllers behalf.

1. Roles of the parties

The Controller determines the purposes and means of processing shopper personal data. DataCrow processes such data only as a Processor, in accordance with the Controllers documented instructions and this DPA.

2. Subject matter and scope

  • Subject matter: capture, enrichment, deduplication, and server-side delivery of conversion events to Controller-selected destinations.
  • Duration: for the term of the agreement.
  • Categories of data subjects: the Controllers store shoppers and visitors.
  • Categories of personal data: order and event data and shopper identifiers (for example, email, phone, IP address, user agent, and ad click IDs), hashed where required by the destination.

3. Processor obligations

  • Process personal data only on documented instructions from the Controller.
  • Ensure persons authorized to process data are bound by confidentiality.
  • Implement appropriate technical and organizational security measures.
  • Assist the Controller with data subject requests and with security, breach notification, and impact assessment obligations.
  • Delete or return personal data at the end of the engagement, subject to legal retention requirements.

4. Sub-processors

The Controller authorizes DataCrow to engage the sub-processors listed at Sub-processors. DataCrow imposes data protection obligations on each sub-processor and remains responsible for their performance.

5. International transfers

Where personal data is transferred across borders, DataCrow relies on appropriate safeguards, such as Standard Contractual Clauses, as applicable.

6. Security incidents

DataCrow will notify the Controller without undue delay after becoming aware of a personal data breach affecting the Controllers data.

7. Contact

To request a signed copy of this DPA, email milo@ketterhagen.com.