Legal
Data Processing Addendum (DPA)
PacedLoop
This Data Processing Addendum (DPA) forms part of the Terms of Service between PacedLoop ("PacedLoop," "we," "us," or "Service Provider") and the Custom GPT creator or account holder ("Creator," "Business," or "you") using the PacedLoop platform.
This DPA applies when Creator uses PacedLoop to process personal information.
1. Purpose and Scope
PacedLoop provides workflow orchestration infrastructure that enables Creators to connect GPT-based experiences to automated workflows.
When Creator configures workflows that process personal information, PacedLoop processes that information solely to provide the Service.
This DPA governs that processing relationship.
2. Roles of the Parties
For personal information processed through Creator-configured workflows:
- Creator is the Business (or Controller) that determines the purposes and means of processing.
- PacedLoop acts as a Service Provider (or Processor) that processes personal information on behalf of Creator.
Creator is responsible for:
- Determining what data is collected through its GPTs
- Providing required notices to end users
- Obtaining any necessary consent
- Handling data subject or consumer requests
3. Nature of Processing
PacedLoop processes personal information solely to:
- Execute Creator-configured workflows
- Store workflow definitions and metadata
- Persist GPT-generated outputs
- Maintain system logs and security
PacedLoop does not:
- Sell personal information
- Share personal information for cross-context behavioral advertising
- Use personal information to build independent user profiles
- Train AI models using Creator workflow content
4. Restrictions on Use of Personal Information
PacedLoop shall:
- Process personal information only to provide the Service
- Not retain, use, or disclose personal information outside the direct business relationship with Creator
- Not combine personal information received from Creator with personal information from other sources, except as permitted by law
These restrictions are intended to qualify PacedLoop as a Service Provider under applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA/CPRA).
5. Confidentiality
PacedLoop shall ensure that personnel with access to personal information are subject to confidentiality obligations.
6. Security Measures
PacedLoop implements reasonable administrative, technical, and physical safeguards designed to protect personal information, including:
- Encryption in transit
- Access controls
- Role-based system permissions
- Infrastructure monitoring
7. Subprocessors
PacedLoop may engage third-party service providers ("subprocessors"), such as:
- Cloud hosting providers
- Infrastructure vendors
- Payment processors
PacedLoop ensures that such subprocessors are subject to contractual obligations that provide reasonable protections for personal information.
8. Consumer and Data Requests
If PacedLoop receives a request directly from an end user regarding personal information submitted through a Creator's GPT, PacedLoop will:
- Notify the Creator (where appropriate), and
- Cooperate reasonably to assist Creator in responding.
Creator remains responsible for responding to such requests.
9. Retention and Deletion
PacedLoop retains personal information:
- As long as necessary to provide the Service
- In accordance with the retention policies described in the Terms and Privacy Policy
Upon termination of the Creator's account, PacedLoop will delete or anonymize personal information within a reasonable timeframe, subject to legal retention requirements and backup systems.
10. Compliance Representations
Creator represents and warrants that:
- It has provided appropriate privacy notices to end users
- It has obtained any required permissions or consents
- Its use of the Service complies with applicable laws
11. Limitation of Liability
Liability under this DPA is subject to the limitations of liability set forth in the Terms of Service.
12. Modifications
PacedLoop may update this DPA from time to time.
Continued use of the Service after updates constitutes acceptance of the revised DPA.