DPA

DATA PROCESSING AGREEMENT

This Data Processing Agreement ("DPA") forms part of the Terms of Use, or any other agreement ("Agreement") by and between DreamSage, a United States Limited Liability Company, and an address at 17350 State Hwy 249, Ste 220 20215, Houston, TX 77064, and/or its owners, agents, employees, representatives, or affiliates and assigns ('DreamSage') and User, to reflect the agreement between the parties, with respect to the processing Personal Data, and pursuant to the Subscription as set forth in https://dreamsage.ai. All capitalized terms not defined herein shall have the meaning set forth in the Agreement.

DEFINITIONS

"Applicable Privacy Law" means: (i) the General Data Protection Regulation (EU) 2016/679 ("GDPR"); (ii) GDPR as applicable as part of UK domestic law by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications, as a consequence of the United Kingdom leaving the European Union ("UK GDPR"); (iii) the California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et seq. ("CCPA"), and any other data protection laws which apply to the Processing of Personal Data under this DPA.

"Business Purpose" has the meaning assigned to under CCPA.

"Commercial Purpose" has the meaning assigned to under CCPA.

"Controller" means the entity which determines the purposes and means of the Processing of Personal Data.

"Customer Data" means any data, information or other material provided, uploaded, or submitted by User in the course of using the Service.

"Data Subject" means the identified or identifiable person to whom Personal Data relates

"Europe" means the European Union, the European Economic Area, Switzerland and the United Kingdom.

"Personal Data" has the meaning given to it in the Applicable Privacy Law.

"Processor" ,"Processing" or "Process" shall have the meaning as set forth in the Applicable Privacy Law.

"Security Incident" means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, or alteration of, or unauthorized disclosure of or access to, Personal Data on systems managed or otherwise controlled by DreamSage.

"Standard Contractual Clauses" means the applicable Standard Contractual Clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and the Council approved by European Commission Implementing Decision (EU) 2021/914 of 4 June 2021, as currently set out at https://eurlex.europa.eu/eli/dec_impl/2021/914/oj.

"Sub processor" has the meaning assigned to under GDPR.

SCOPE AND APPLICATION

To the extent DreamSage processes Personal Data on behalf of User in connection with the Agreement, the parties agree to comply with the provisions set forth in this DPA. In this context, DreamSage may act as a Processor respectively with respect to User's Personal Data.

User's Responsibilities. User shall submit or make available Personal Data to DreamSage for Processing in accordance with the requirements of the Applicable Privacy Laws. User shall have sole responsibility for the initial accuracy, quality, and legality of Customer Data. User instructs DreamSage to Process Personal Data for the following purposes: (i) Processing in accordance with the Agreement, including to provide the Services; (ii) Processing initiated by Users in their use of the Site.

DreamSage shall be prohibited from selling, retaining, using, or disclosing Personal Data for any purpose other than to perform the Service in accordance with the Agreement and DPA and shall further refrain from collecting, selling or using any Personal Data except as necessary to perform its Business Purpose or Commercial Purpose. For the purposes of the CCPA, the parties acknowledge and agree that the DreamSage will act as a "Service Provider" and not as a "Third Party," as such terms are defined in the CCPA, in its performance of its obligations pursuant to the Agreement.

SECURITY OF PROCESSING

DreamSage will implement and maintain appropriate technical and organizational security measures to prevent Security Incidents and to preserve the security, availability, integrity, and confidentiality of Personal Data. DreamSage shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, and have received appropriate training on their responsibilities and have executed written confidentiality agreements.

COMPLIANCE WITH LAWS

Each party will comply with all applicable laws, rules, and regulations (including Applicable Privacy Law) in its performance of this DPA. DreamSage certifies that it understands the requirements under this DPA, including without limitation requirements under CCPA and that it will abide by it.

SUBPROCESSORS

The current list of Sub-processors engaged in Processing Personal Data for the performance of each applicable Service, are located at https://www.dreamsage.ai/privacy-policy. DreamSage shall be liable for the acts and omissions of its Sub-processors to the same extent DreamSage would be liable if performing the services of each Sub-processor directly under the terms of this DPA, unless otherwise set forth in the Agreement.

CATEGORIES OF PERSONAL DATA

The subject matter, nature and purpose and details and duration of the data processing and the details of the type of Personal Data and categories of data subjects are as determined by the User and as permitted under the applicable Agreement.

SECURITY BREACH

In the event of a Security Incident, DreamSage will notify User, without undue delay, after DreamSage becomes aware of the Security Incident, via email address or as may be provided in the Services user interface, or as otherwise required under Applicable Privacy Law. DreamSage will supply User with information regarding the Security Incident (to the extent applicable and such information is available). DremApp will, promptly, commence an investigation of and take appropriate remedial steps to prevent and minimize any possible harm.

RETURN AND DELETION

DreamSage shall return or delete Personal Data, to the extent allowed by applicable law, in accordance with DreamSage's data retention policies and procedures. Until such Personal Data is deleted or returned, DreamSage shall continue to comply with this DPA.

INTERNATIONAL TRANSFER

Personal Data may be transferred outside Europe. If, in the performance of the Services, Personal Data that is subject to the GDPR, UK GDPR, or any other law relating to the protection or privacy of individuals that applies in Europe is transferred out of Europe to countries which do not ensure an adequate level of data protection within the meaning of the Applicable Privacy Law, the transfer mechanism shall be in accordance with the Standard Contractual Clauses.

LIMITATION OF LIABILITY

Each party's liability, taken together in the aggregate, arising out of or related to this DPA, whether in contract, tort or under any other theory of liability, is subject to the Limitation of Liability Section under the Agreement. For the avoidance of doubt, DreamSage's total liability for all claims from User arising out of or related to the Agreement and DPA shall apply in the aggregate for all claims under both agreements.

GENERAL

This DPA will terminate automatically (i) upon termination of the Agreement; or (ii) until DreamSage ceases to process Personal Data. In the event of a conflict between the Agreement and this DPA, the terms of this DPA will take precedence to the extent of the conflict. If any part of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability while preserving the parties' intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.

HOW CAN YOU CONTACT US?

If you have any questions about this Policy or about the ways we use your Personal Information, please contact us at:

DreamSage LLC
17350 State Hwy 249, Ste 220 20215
Houston, TX 77064
support@dreamsage.ai