This Data Processing Addendum (“DPA”) supplements the Terms of Service and applies when Mediation One processes personal data on your behalf as a processor. By using paid plans of the Service you accept this DPA.

1. Roles

You are the controller of the data you upload. Mediation One acts as your processor. For free-audit leads collected on our public site, Mediation One acts as controller.

2. Scope of processing

Subject matter: provision of the Service. Duration: the term of your subscription. Nature and purpose: as described in our Privacy Policy. Data categories: ad-revenue metrics, account credentials, contact data. Data subjects: your employees and authorized users of your account.

3. Our obligations

• Process personal data only on your documented instructions.
• Ensure personnel with access are bound by confidentiality obligations.
• Implement appropriate technical and organizational measures (TLS, encryption at rest, access controls, hashed passwords).
• Assist you with data-subject requests, security incidents, and DPIAs.
• Notify you without undue delay of any personal data breach involving your data.
• On termination, delete or return personal data within 30 days.

4. Sub-processors

Current sub-processors are listed in our Privacy Policy. We will notify you of any new sub-processor at least 30 days before granting them access. You may object on reasonable grounds; if we cannot accommodate the objection, you may terminate the affected subscription and receive a pro-rata refund.

5. International transfers

Where personal data is transferred outside the EEA, UK, or Japan, we rely on the EU Standard Contractual Clauses (or equivalent mechanisms) with our sub-processors.

6. Audits

We make our security documentation available on request. On reasonable notice (no more than once per year) you may request a written audit response covering our controls.

7. Order of precedence

In case of conflict between this DPA and the Terms of Service, this DPA prevails for data-protection matters.