Legal
Data Processing Addendum
Last updated: July 1, 2026
This DPA supplements our Terms of Service and applies when Afftrack.dev processes personal data on your behalf as a processor under GDPR, UK GDPR, and comparable laws.
1. Roles
You are the Controller of personal data submitted to the Service. Afftrack.dev is the Processor.
2. Scope and purpose
We process personal data solely to provide the Service as described in the Terms, and only on your documented instructions.
3. Categories of data and data subjects
- Data subjects: your end users / traffic sources.
- Data: click identifiers, transaction identifiers, IP address, user agent, payout metadata.
4. Subprocessors
You authorize us to engage vetted subprocessors under written terms providing equivalent protection. We will notify you of material changes and give you an opportunity to object.
5. Security
We implement appropriate technical and organizational measures, including encryption in transit and at rest, access controls, network isolation, and monitoring.
6. Breach notification
We will notify you without undue delay, and no later than 72 hours after becoming aware of a personal data breach affecting your data.
7. Data subject requests
We will assist you in responding to data subject requests through in-app tools and, where required, direct support.
8. International transfers
Transfers of personal data outside the EEA/UK rely on the EU Standard Contractual Clauses (2021/914) and the UK Addendum, incorporated by reference.
9. Return or deletion
Upon termination, we will delete or return your personal data within 30 days, unless retention is required by law.
10. Audits
We will make available reasonable information necessary to demonstrate compliance with this DPA, including third-party audit summaries when available.
Signing
Customers on paid plans may request a countersigned copy at support@afftrack.dev.
