This Data Processing Agreement ("DPA") governs the processing of personal data by Boosty AI ("Processor") on behalf of the customer ("Controller") in accordance with applicable data protection laws, including GDPR.
This DPA applies to the processing of personal data that may be contained within website content and analytics data processed through our optimization services.
Personal data processed may include:
• Website visitor data and analytics
• Contact information embedded in website content
• User behavior and interaction data
• Technical data such as IP addresses and device information
Boosty AI processes personal data solely for the purpose of:
• Website optimization and SEO improvement
• LLM visibility enhancement
• Performance analysis and reporting
• Service delivery and support
The Controller warrants that:
• They have a lawful basis for processing personal data
• Appropriate consent has been obtained where required
• Data subjects have been informed about the processing
• Processing instructions are lawful and compliant
Boosty AI commits to:
• Process personal data only on documented instructions
• Implement appropriate technical and organizational measures
• Maintain confidentiality of personal data
• Assist with data subject rights requests
• Notify of any personal data breaches
Boosty AI may engage sub-processors for specific processing activities. Current sub-processors include cloud hosting providers and analytics services. We maintain a list of authorized sub-processors and notify customers of any changes.
Personal data may be transferred outside the EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions.
We implement industry-standard security measures including:
• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication
• Employee training on data protection
We assist Controllers in responding to data subject requests for access, rectification, erasure, portability, and objection to processing within 30 days of receiving such requests.
Personal data is retained only as long as necessary for the purposes outlined in this DPA. Upon termination of services, data is securely deleted within 90 days unless legal retention requirements apply.
Controllers may audit our compliance with this DPA upon reasonable notice. We provide necessary information and assistance for such audits.
For DPA-related inquiries, contact our Data Protection Officer at dpo@boostyai.app