GADURA CREATOR PLATFORM

Legal

Data Processing Addendum (DPA)

This DPA forms part of the Terms of Service and governs how Gadura processes personal data on behalf of Creators.

Last updated: 28 December 2025

← Back to Legal

Parties: Gadura, LLC (Processor) and the Creator/Customer (Controller)

Contact: support@gadura.com

Mailing Address: 3rd Floor, 86–90 Paul Street, London EC2A 4NE

This Data Processing Addendum (“DPA”) forms part of the agreement between the parties under the Gadura Terms of Service. Where Gadura processes Customer Personal Data on behalf of the Creator (Controller), this DPA applies.

1. Scope and Roles

The Creator (“Controller”) determines the purposes and means of processing Customer Personal Data. Gadura (“Processor”) processes Customer Personal Data only on documented instructions from the Controller and only as necessary to provide the Services and as described in this DPA.

2. Processing Details

Subject matter: provision of the Services (hosting, communications, communities, analytics, support).

Data subjects: End Users, subscribers, customers, members, and account users.

Data: identifiers, contact details, usage data, purchase/member status, message content, and other data uploaded by Controller. The Services are not intended for special category data; do not upload such data unless lawful and necessary.

3. Controller Obligations

The Controller is responsible for lawful notices, consents, lawful basis, accuracy, and responding to data subject requests. Controller instructions must comply with law.

4. Processor Obligations

Gadura will ensure confidentiality, implement appropriate security, assist the Controller where reasonable, notify of breaches without undue delay, and process only as instructed.

5. Subprocessors

Processor may use subprocessors. Information on subprocessors will be available on request, and material changes will be notified where required. Payment Providers may act as independent controllers for certain transactions.

6. Security Measures

Gadura uses reasonable technical and organizational measures, including access controls, encryption in transit (and where appropriate at rest), monitoring, and incident response practices.

7. Assistance

Processor will provide reasonable assistance with data subject requests, DPIAs, and consultations where required, within the capabilities of the Services.

8. Breach Notification

Processor will notify Controller without undue delay after becoming aware of a personal data breach affecting Customer Personal Data.

9. Return and Deletion

Upon termination, Customer Personal Data may be exported or deleted where available. Data will generally be deleted within 60 days unless legally required to retain longer.

10. International Transfers

Where required, the EU Standard Contractual Clauses (Controller–Processor) and UK Addendum are incorporated. Additional safeguards may apply where appropriate.

11. Audits

Processor will provide reasonable information demonstrating compliance. Audits are limited to once per year (unless legally required or following a breach) and must protect confidentiality and minimize disruption.

12. Conflict

If this DPA conflicts with the Terms regarding data processing, this DPA controls.

13. Contact

Data protection questions can be sent to:
support@gadura.com