(Early Access)
Last updated: October 2025
This DPA forms part of the Terms of Service between the Customer (Controller) and Deal Forge LLC (Processor) and applies only where DealForge processes Customer Personal Data on the Customer's behalf.
Controller: Customer decides the purposes/means of processing.
Processor: DealForge processes Customer Personal Data only on documented instructions to provide the Service.
We process: (a) workspace/user account details (e.g., name, email), and (b) customer-provided notes/configuration inside DealForge.
We also store public, first-party web facts about vendors (pricing, docs, changelogs, integrations, trust pages). Public content is not Customer Personal Data.
For the subscription term and a short post-termination period needed for export/deletion or as required by law.
Types: user contact details; workspace metadata; customer-provided notes.
Data subjects: Customer's employees/authorized users.
Not intended: customer CRM records or special-category data.
Process only on instructions; ensure confidentiality; apply appropriate technical/organizational measures (see Security).
Assist Controller with reasonable data-subject requests and impact assessments, considering the nature of processing.
Sub-processors: We use standard cloud/analytics providers under written terms; we remain responsible for them. A current list is available on request and we will notify of material changes.
If applicable, transfers outside the EEA/UK are supported by the EU Standard Contractual Clauses/UK IDTA as appropriate.
We maintain measures appropriate to the risk (encryption in transit/at rest; access controls; backups).
If we become aware of a personal-data incident affecting Customer Personal Data, we'll notify the Customer without undue delay and share available details.
Upon termination, on Customer request we will export and then delete Customer Personal Data within a reasonable period unless law requires retention.
On reasonable notice, we will provide information necessary to demonstrate compliance (e.g., policy summaries, control descriptions). On-site inspections may be requested where required by law; Customer bears reasonable costs.
We do not provide SOC 2/ISO certifications at this time.