This Data Processing Agreement (“DPA”) is entered into between Gatheround LLC, a Georgia limited liability company (“Gatheround”, “Processor”), and the Customer identified in the associated Subscription Agreement (“Customer”, “Controller”). This DPA is incorporated into and forms part of the Subscription Agreement. In the event of conflict with respect to data processing matters, this DPA governs.
Customer is the Controller of Personal Data submitted to the Service. Gatheround is the Processor, acting solely on Customer’s documented instructions. Gatheround’s processing of Aggregated Data is outside the scope of this DPA.
Customer warrants that:
Gatheround will process Personal Data only on Customer’s documented instructions except where required by law. Gatheround will notify Customer before legally required inconsistent processing to the extent permitted by law.
Personnel authorized to process Personal Data are subject to confidentiality obligations and have received data protection training.
Gatheround implements and maintains:
Gatheround will provide reasonable technical assistance for Data Subject requests (access, correction, deletion, restriction, portability) to the extent technically feasible. Customer is responsible for responding to Data Subjects.
Gatheround will notify Customer within 72 hours of a confirmed Security Incident, including: (a) nature and scope; (b) categories and approximate number of Data Subjects affected; (c) likely consequences; and (d) measures taken. Notification does not constitute acknowledgment of fault.
Upon written request and at Customer’s expense, Gatheround will provide information necessary for Customer to conduct a data protection impact assessment, to the extent within Gatheround’s control and not revealing confidential information of other customers.
Upon termination or written request, Gatheround will within 90 days either: (a) provide a complete export of Customer Data in CSV or JSON format, or (b) securely delete all Personal Data, except where required by law. Written certification of deletion is available upon request. This obligation does not apply to Aggregated Data.
Customer authorizes Gatheround to engage the following sub-processors:
Gatheround will notify Customer at least 14 days before engaging new sub-processors. Customer may object on data protection grounds within 14 days. If unresolved within 30 days, Customer may terminate without penalty and receive a prorated refund.
Gatheround imposes data protection obligations on sub-processors no less protective than this DPA and remains liable for their performance.
All Personal Data is stored and processed in the United States. Gatheround does not transfer Personal Data outside the US as part of standard service delivery. Customers with EU/EEA, UK, or similar data subjects should contact hello@gatheround.io before submitting such data.
As a service provider, Gatheround will:
Gatheround certifies it understands and will comply with these restrictions.
Once per year, upon 30 days written notice and at Customer’s expense, Customer may request a written summary of Gatheround’s security practices. Gatheround may satisfy this through a summary report or third-party certification (e.g., SOC 2). On-site audits require prior written consent.
Liability under this DPA is subject to the limitations in the Subscription Agreement. The total aggregate cap applies once across all claims under both documents. Nothing limits liability for death or personal injury caused by negligence, fraud, or willful misconduct.
This DPA is effective for the duration of the Subscription Agreement. Obligations survive until Personal Data is deleted or returned per Section 4.7.
Georgia law governs. Disputes resolved as provided in the Subscription Agreement, including mandatory arbitration and class action waiver.
Data protection inquiries:
Gatheround LLC
Attn: Data Protection
Atlanta, Georgia
Email: hello@gatheround.io
One more thing: the world works better when people are kind to each other. We built this platform for people who feed people — and there's something quietly beautiful about that. Be good to your clients, your staff, and your vendors. It matters more than the software.