Last Updated February 19, 2025
This Data Processing Addendum ("Addendum") is entered into as part of the agreement ("Agreement") between OpenGiant, Inc. ("OpenGiant") and the entity or individual agreeing to this Addendum ("Customer"). This Addendum sets forth the terms and conditions under which OpenGiant processes personal data on behalf of the Customer, in compliance with applicable data protection laws.
1.1 "Data Protection Laws": Refers to all applicable privacy and data protection laws, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and any other relevant regulations.
1.2 "Personal Data": Any information relating to an identified or identifiable natural person processed under the Agreement.
1.3 "Process" or "Processing": Any operation or set of operations performed on Personal Data, including collection, storage, use, transfer, or deletion.
1.4 "Sub-Processor": Any third party appointed by OpenGiant to process Personal Data on behalf of the Customer.
2.1 Purpose and Nature of Processing: OpenGiant processes Personal Data solely for the purposes defined in the Agreement and in accordance with Customer’s documented instructions.
2.2 Categories of Data: The types of Personal Data processed and categories of data subjects are outlined in Appendix 1 to this Addendum.
2.3 Customer Responsibilities: The Customer is responsible for ensuring that its instructions comply with applicable Data Protection Laws and for providing adequate notices and obtaining necessary consents from data subjects.
3.1 Compliance: OpenGiant will process Personal Data in compliance with applicable Data Protection Laws and this Addendum.
3.2 Confidentiality: OpenGiant ensures that personnel authorized to process Personal Data are bound by confidentiality obligations.
3.3 Security Measures: OpenGiant implements appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration, or disclosure. These measures are detailed in Appendix 2.
3.4 Data Breach Notification: In the event of a Personal Data breach, OpenGiant will notify the Customer without undue delay and provide sufficient information to enable the Customer to comply with its legal obligations.
3.5 Assistance: OpenGiant will assist the Customer in ensuring compliance with obligations under Data Protection Laws, including responding to data subject requests and conducting impact assessments.
4.1 Authorized Sub-Processors: The Customer authorizes OpenGiant to engage Sub-Processors as listed in Appendix 3.
4.2 Sub-Processor Obligations: OpenGiant will ensure that Sub-Processors are bound by contractual obligations that provide the same level of protection for Personal Data as this Addendum.
4.3 Notification of Changes: OpenGiant will notify the Customer of any intended changes to Sub-Processors, providing the Customer the opportunity to object within 14 days of receiving such notification.
5.1 Requests: OpenGiant will promptly inform the Customer of any data subject requests it receives. OpenGiant will not respond to such requests unless authorized by the Customer.
5.2 Assistance: OpenGiant will assist the Customer in fulfilling data subject rights requests in accordance with Data Protection Laws.
6.1 Restricted Transfers: OpenGiant will only transfer Personal Data to countries outside the European Economic Area (EEA) or other applicable regions in compliance with Data Protection Laws.
6.2 Safeguards: Such transfers will be based on appropriate safeguards, such as standard contractual clauses or binding corporate rules.
Upon termination of the Agreement, OpenGiant will, at the Customer’s choice, return or securely delete all Personal Data, except where retention is required by applicable law.
OpenGiant will make available all information necessary to demonstrate compliance with this Addendum and allow for and contribute to audits conducted by the Customer or its appointed auditor, as permitted under the Agreement.
The liability and indemnification provisions of the Agreement apply to this Addendum. OpenGiant’s liability for any breach of this Addendum will be subject to the limitations set forth in the Agreement.
10.1 Governing Law: This Addendum is governed by the same laws as the Agreement.
10.2 Amendments: Any amendments to this Addendum must be in writing and signed by authorized representatives of both parties.
10.3 Conflict: In the event of any conflict between this Addendum and the Agreement, this Addendum will prevail with respect to the subject matter herein.
Categories of Data Subjects: Customers, end users, employees, or others whose Personal Data is provided by the Customer.
Types of Personal Data: Names, contact information, identifiers, usage data, and other data as specified in the Agreement.
Processing Operations: Collection, storage, analysis, transfer, and deletion of Personal Data as needed to provide the services under the Agreement.
Encryption of data in transit and at rest.
Access controls to limit data access to authorized personnel.
Regular security assessments and audits.
Incident response procedures.
Anthropic: AI model training and deployment. [https://www.anthropic.com]
Better Stack: Infrastructure logging and monitoring. [https://betterstack.com]
Intercom: Customer support. [https://www.intercom.com]
Neon: Database hosting. [https://neon.tech]
OpenAI: AI model training and deployment. [https://www.openai.com]
PostHog: Product analytics. [https://posthog.com]
Railway: Deployment and hosting. [https://railway.com]
Resend: Transactional email processing. [https://resend.com]
Stripe: Payment processing. [https://stripe.com]
Trigger.dev: Background jobs and task scheduling. [https://trigger.dev]
If you have questions or concerns about this policy, please contact us at:
OpenGiant, Inc. 169 Madison Ave, Suite 11692 New York, NY 10016
[email protected]
