Data Processing Addendum (DPA)

This Data Processing Addendum ("DPA") supplements the Terms and Privacy Policy and applies only to the extent Pressure processes Customer Personal Data on behalf of a customer as a processor or service provider under applicable law. This DPA does not apply to processing activities for which Pressure acts as an independent controller or business, including operating user accounts, securing the Service, billing, product analytics, abuse prevention, legal compliance, and other purposes described in the Privacy Policy.

The parties acknowledge that role allocation depends on the context of the processing. - For most direct, self-serve use of Pressure, each party may act as an independent controller for its own processing. - Where the parties separately agree that a customer is the controller and Pressure processes Customer Personal Data solely on the customer's documented instructions in order to provide the Service, Pressure acts as processor or service provider for that processing.

Pressure may process Customer Personal Data for the limited purpose of providing analytics, transcription-enabled features, reporting, support, maintenance, security, and related Service functionality for the duration of the applicable customer relationship, unless earlier deleted in accordance with the parties' agreement or applicable law.

Depending on use of the Service, Pressure may process: - Account identifiers - Instagram account identifiers and authorized platform data - Analytics and reporting data - Media-related metadata and derived transcripts or features - Technical, authentication, and security data

Where Pressure acts as a processor or service provider, Pressure will: - Process Customer Personal Data only for the purposes described in the parties' agreement and permitted by applicable law - Use personnel and subprocessors subject to appropriate confidentiality obligations - Implement reasonable technical and organizational measures designed to protect Customer Personal Data - Assist with deletion, access, and correction requests where required by applicable law and reasonably feasible

Pressure may use trusted subprocessors and service providers, such as hosting providers, authentication providers, infrastructure providers, database providers, job-processing providers, and vendors used to power transcription or feature-generation workflows. Pressure remains responsible for subprocessors to the extent required by applicable law and our agreements with customers.

Pressure implements safeguards including: - Encryption and token protection where appropriate - Access controls - Authentication protections - Secure infrastructure and logging - Measures designed to detect and respond to abuse or unauthorized access

Upon verified request and subject to applicable law, security requirements, and backup or recordkeeping limitations, Pressure will delete or return Customer Personal Data in accordance with the parties' agreement and our retention practices.

Data may be processed in the United States and other countries where Pressure or its service providers operate. Where required by applicable law, appropriate safeguards will be used for cross-border transfers.

Pressure LLC 100 N Howard St Ste R, Spokane, WA 99201 support@pressure-app.com