Data Processing Agreement (DPA)
This DPA forms part of the Terms of Service between you (Controller) and ChatHub (Processor) and applies when ChatHub processes personal data on your behalf.
1. Subject Matter
ChatHub processes personal data of your end-users (fans, customers) on your behalf to provide the CRM, inbox, vault, scripts, lists, mass-DM, sales attribution and analytics features.
2. Duration
For the duration of the subscription, plus 30 days for export, plus 12 months legal retention.
3. Categories of Data Subjects
Your team members (chatters, admins) and the end-users (fans) of the Telegram accounts you connect.
4. Categories of Personal Data
Names, usernames, Telegram peer IDs, profile pictures, messages content, DropFans transaction data, sales amounts.
5. Sub-processors
Stripe, Hetzner, Decodo, OpenAI, Sentry, Resend, Cloudflare. List updates with 30-day prior notice. Right to object.
6. Security Measures
Encryption at rest and in transit, RBAC, audit logs, row-level isolation, regular backups, vulnerability monitoring.
7. Data Subject Rights
ChatHub will assist the Controller in responding to access, rectification, erasure and portability requests within 7 business days.
8. Breach Notification
ChatHub will notify the Controller of any personal data breach within 48 hours of discovery.
9. International Transfers
Standard Contractual Clauses (SCC) apply for any transfer outside the EEA.
10. Audit
Once per year, the Controller may request a summary of security controls. Full on-site audit is available under NDA on Enterprise plans.