Data Processing Agreement

Last updated: January 2026

This Data Processing Agreement ("DPA") is entered into between FeedPilot ("Processor") and the customer ("Controller") and governs the processing of personal data in connection with our marketplace management services. This DPA is designed to meet the requirements of the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Scope and purpose

  • This DPA applies when FeedPilot processes personal data on behalf of the Customer in the course of providing marketplace management services.
  • FeedPilot acts as a data processor. The Customer remains the data controller and determines the purposes and means of processing.
  • This DPA supplements our Terms of Service and Privacy Policy. In case of conflict, this DPA prevails for matters related to data processing.

2. Types of data processed

  • Customer account data: Names, email addresses, company information, and billing details.
  • End customer data: Names, addresses, email addresses, phone numbers, and order history from marketplace transactions.
  • Product data: Product titles, descriptions, images, SKUs, pricing, and inventory levels.
  • Communication data: Customer inquiries, messages, and support tickets processed through our platform.

3. Processing activities

  • Synchronizing product listings and inventory across connected marketplaces.
  • Processing and fulfilling orders received through marketplace channels.
  • Managing customer communications including inquiries, returns, and support requests.
  • Generating reports and analytics on marketplace performance.
  • Maintaining audit logs for compliance and troubleshooting purposes.

4. Data protection obligations

  • We process personal data only on documented instructions from the Customer, unless required by law.
  • We ensure that personnel authorized to process personal data are bound by confidentiality obligations.
  • We implement appropriate technical and organizational security measures as described in our Security documentation.
  • We assist the Customer in responding to data subject requests and meeting regulatory obligations.
  • We notify the Customer without undue delay upon becoming aware of a personal data breach.

5. Sub-processors

  • We may engage sub-processors to assist in providing our services. A list of current sub-processors is available upon request.
  • We ensure sub-processors are bound by data protection obligations no less protective than those in this DPA.
  • We notify the Customer of any intended changes to sub-processors, allowing reasonable time to object.

6. International transfers

  • Personal data may be transferred to countries outside the European Economic Area (EEA) where our systems or sub-processors are located.
  • We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) where required.
  • Upon request, we can provide details of the specific transfer mechanisms used.

7. Data retention and deletion

  • We retain personal data for the duration of the service agreement plus a reasonable period for backup and legal compliance.
  • Upon termination of services, we delete or return all personal data within 30 days, unless retention is required by law.
  • The Customer may request deletion of specific data at any time, subject to legal and operational constraints.

8. Audit rights

  • Upon reasonable notice, the Customer may audit our data processing activities to verify compliance with this DPA.
  • We make available information necessary to demonstrate compliance, including security certifications and audit reports where available.
  • Audits shall be conducted during normal business hours and shall not unreasonably interfere with our operations.

9. Liability

  • Each party is liable for damages caused by processing that violates applicable data protection laws or this DPA.
  • Liability limitations in our Terms of Service apply to this DPA except where prohibited by law.

Need a signed copy?

If you require a signed Data Processing Agreement for your compliance records, please contact us. We'll provide a customized DPA that includes your organization's details.

For data protection inquiries, contact our team at [email protected]