Data Processing Agreement

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Advisor Media Group LLC and its affiliate Advisor Media Group (Bangladesh) (collectively, "Advisor AI," "Processor," "we," "us") and you ("Controller," "Customer") and governs the processing of personal data by Advisor AI on behalf of the Customer.

This DPA complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Definitions

• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
• "Data Subject" means the individual to whom Personal Data relates.
• "Sub-processor" means any third party engaged by Advisor AI to process Personal Data.

3. Scope of Processing

Advisor AI processes Personal Data solely for the purpose of providing the Services as described in the Terms of Service, including:

• Providing AI-powered advertising creative generation
• Managing and syncing advertising campaigns across platforms
• Generating analytics and performance reports
• Providing customer support
• Improving and developing the Services

4. Categories of Data Processed

4.1 Customer Data

• Account information (name, email, company name)
• Billing information
• Brand assets and creative materials
• Campaign data and settings

4.2 Third-Party Platform Data

• Advertising account information from connected platforms
• Campaign performance metrics
• Audience data and insights

5. Processor Obligations

Advisor AI agrees to:

• Process Personal Data only on documented instructions from the Controller
• Ensure personnel are bound by confidentiality obligations
• Implement appropriate technical and organizational security measures
• Assist the Controller in responding to Data Subject requests
• Delete or return Personal Data upon termination of Services
• Make available information necessary to demonstrate compliance
• Notify the Controller of any data breach without undue delay

6. Sub-processors

The Controller authorizes Advisor AI to engage Sub-processors for data processing. We maintain a list of current Sub-processors, which includes:

We will notify the Controller of any changes to Sub-processors. The Controller may object to new Sub-processors within 30 days.

7. Security Measures

Advisor AI implements the following security measures:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Access controls and authentication requirements
• Regular security assessments and penetration testing
• Employee security training and background checks
• Incident response and disaster recovery procedures
• SOC 2 Type II certification

8. International Transfers

For transfers of Personal Data outside the European Economic Area, Advisor AI relies on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• EU-US Data Privacy Framework certification where applicable
• Supplementary measures as required by applicable law

9. Data Subject Rights

Advisor AI will assist the Controller in fulfilling Data Subject requests, including rights to:

• Access their Personal Data
• Rectify inaccurate data
• Erase their data ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing

10. Audit Rights

Upon reasonable notice, the Controller may audit Advisor AI's compliance with this DPA. Advisor AI will provide necessary information and allow for audits conducted by the Controller or an independent auditor.

11. Term and Termination

This DPA remains in effect for the duration of the Services. Upon termination, Advisor AI will delete or return all Personal Data within 30 days, unless retention is required by law.

12. Contact

For questions about this DPA or to exercise data protection rights: