This Data Processing Agreement ("DPA") forms part of the agreement between PeakClips ("Data Processor") and you, the subscriber ("Data Controller"), and applies where PeakClips processes personal data on your behalf that is subject to the EU General Data Protection Regulation (GDPR), UK GDPR, or Swiss FDPA.
1. Definitions
- "Personal Data" has the meaning given in GDPR Article 4.
- "Processing" has the meaning given in GDPR Article 4.
- "Data Controller" means you, the PeakClips subscriber who determines the purposes and means of processing.
- "Data Processor" means PeakClips, which processes Personal Data on your behalf.
2. Scope of Processing
- Subject Matter: automated clip processing and social media publishing for Twitch streamers.
- Duration: for the term of your active subscription.
- Nature and Purpose: accessing Twitch data, processing content through our pipeline, generating captions, and publishing to authorized social platforms.
- Types of Personal Data: Twitch user identifiers, viewer usernames appearing in clips (incidentally), email addresses, and social media account identifiers.
- Categories of Data Subjects: subscribers and, incidentally, their viewers.
3. Processor Obligations
PeakClips shall:
- Process Personal Data only on your documented instructions.
- Ensure personnel authorized to process Personal Data are bound by confidentiality obligations.
- Implement appropriate technical and organizational security measures per GDPR Article 32.
- Not engage sub-processors without prior notice to you.
- Assist you in fulfilling data subject rights requests.
- Delete or return Personal Data upon termination of the DPA, at your election.
- Provide you with information necessary to demonstrate compliance with this DPA.
4. Sub-Processors
You authorize PeakClips to engage the following sub-processors:
- Supabase Inc.: database and compute infrastructure (US).
- Cloudflare Inc.: edge network and CDN (global).
- Stripe Inc.: payment processing (US).
- Resend Inc.: transactional email (US).
- Upload-Post API: social publishing infrastructure.
- Anthropic PBC: AI caption generation (US). API inputs are not used by Anthropic to train its models under its commercial terms.
We will notify you of any intended changes to sub-processors with reasonable advance notice, giving you the opportunity to object.
5. International Transfers
PeakClips is based in the United States. Transfers of Personal Data from the EU/EEA to the US are governed by applicable transfer mechanisms, including Standard Contractual Clauses where required. By using PeakClips, you acknowledge and agree to these transfers.
6. Security
PeakClips implements the following security measures: TLS encryption in transit, AES-256 encryption at rest, row-level security on all database tables, role-based access controls, and regular security reviews.
7. Breach Notification
In the event of a Personal Data breach affecting data we process on your behalf, we will notify you without undue delay and no later than 72 hours after becoming aware of the breach, to the extent practicable.
8. Termination
This DPA terminates automatically upon termination of your PeakClips subscription. Upon termination, we will delete your Personal Data within 30 days, except where retention is required by law.
9. Contact
DPA inquiries: hello@peakclips.tv