Data Processing Addendum (DPA)

1. DEFINITIONS

• “Company”, “we”, “us”, or “our” refers to The ADU Exchange LLC.
• “User” or “Data Subject” refers to any individual who interacts with our website or services.
• “Processor” refers to any third party that processes personal data on our behalf, such as:
  • Google Analytics
  • Meta (Facebook/Instagram)
  • Microsoft Clarity
  • CRM platforms (e.g., GoHighLevel, HubSpot)
  • SMS gateways (Twilio, SimpleTexting)
  • Payment processors (Stripe, PayPal)
  • AI systems (ChatGPT/LLM integrations)
  • Website hosting providers
• “Personal Data” means any information that identifies or relates to an identifiable individual.
• “Processing” means collecting, storing, analyzing, or transmitting personal data.

2. ROLE OF PARTIES

For all data collected:

• The ADU Exchange LLC is the Data Controller .
• Third-party tools and platforms are Data Processors acting on our behalf.
• Some third parties may act as Independent Controllers based on their own policies (Google, Meta, etc.).

We ensure that processors only handle data according to our instructions.

3. TYPES OF PERSONAL DATA PROCESSED

4. PURPOSE OF PROCESSING

We process data for:

• Feasibility report creation (Tiers 1, 2, 3)
• Blueprint marketplace transactions
• Trade Connect directory interactions
• Analytics tracking and website optimization
• Ads performance and retargeting
• Customer service and messaging
• Payment processing, Fraud detection, & Security

All processing is limited to what is necessary for legitimate business purpose or with user consent.

5. INSTRUCTIONS TO PROCESSORS

All processors must:

• Process data only according to our written instructions.
• Not use the data for their own marketing or profiling (except in anonymized form).
• Maintain appropriate security measures.
• Not subcontract processing without ensuring GDPR-equivalent protections.

6. DATA SHARING WITH THIRD-PARTY PROCESSORS

We may share data with Analytics providers, CRM tools, SMS/Email systems, Hosting services, Blueprint sellers, and Trade Connect partners (upon request).

We do not sell personal data.

7. INTERNATIONAL DATA TRANSFERS

Some processors may store or process data outside the United States. Where required, Standard Contractual Clauses (SCC) or Data Protection Agreements are used to ensure lawful transfer.

8. SECURITY MEASURES

We require all processors to implement: Encryption in transit (HTTPS/SSL), Secure data storage, Access controls, Logging, and Data minimization practices.

9. DATA RETENTION

Data is retained only for as long as necessary to fulfill legal, business, or service purposes. Users may request deletion of their data at any time (subject to legal exceptions).

10. DATA SUBJECT RIGHTS

Users may request Access, Correction, Deletion, Restriction, Portability, or Opt-out of tracking.

Requests can be made by emailing: support@theaduexchange.com

11. SUB-PROCESSORS

We may authorize third-party sub-processors such as Google Analytics, Meta, Stripe/PayPal, Twilio, etc. Each sub-processor is required to meet equivalent security and data-protection standards.

12. BREACH NOTIFICATION

If a processor becomes aware of a breach affecting personal data, they must notify The ADU Exchange LLC without undue delay and assist with mitigation. We will notify affected users when legally required.

13. TERMINATION OF PROCESSING

Upon termination of the processor relationship, all personal data must be deleted or returned.

14. CHANGES TO THIS ADDENDUM

We may modify this Addendum at any time. Continued use of our services indicates acceptance of updates.

15. CONTACT INFORMATION