Data Processing Agreement

Last updated: June 13, 2026

For business customers: This DPA applies where your use of Modified involves processing personal data subject to GDPR, UK GDPR, or equivalent laws. To receive a countersigned copy, email privacy@foundationx.com with your company name and account email.

This Data Processing Agreement ("DPA") is between Foundation X LLC ("Processor") and the customer entity using the Modified service ("Controller"), and supplements the Terms of Service.

1. Definitions

"Personal Data" means any information relating to an identified or identifiable natural person, as defined in Article 4(1) GDPR.

"Processing" has the meaning given in Article 4(2) GDPR.

"Data Subject" means the individual to whom Personal Data relates.

"Sub-processor" means any third party engaged by the Processor to process Personal Data on the Controller's behalf.

2. Roles

The Controller determines the purposes and means of processing Personal Data (for example, by submitting website content to the Service). Foundation X acts as Processor, processing Personal Data solely on the Controller's documented instructions.

3. Subject matter and nature of processing

Foundation X processes Personal Data submitted by or on behalf of the Controller to convert, host, and serve website content; apply AI-assisted or human edits; and send transactional emails. The categories of data subjects and types of Personal Data processed depend on the content of the Controller's website. Foundation X does not control what Personal Data the Controller's website contains.

4. Controller instructions

Foundation X will process Personal Data only on documented instructions from the Controller, as set out in the Terms of Service and this DPA. If required by law to process in a manner that conflicts with instructions, Foundation X will notify the Controller unless prohibited.

5. Confidentiality

Foundation X ensures that personnel authorized to process Personal Data are bound by appropriate confidentiality obligations.

6. Security

Foundation X implements appropriate technical and organizational measures, including:

7. Sub-processors

The Controller authorizes Foundation X to engage the following sub-processors:

Sub-processor | Purpose | Location
Amazon Web Services (AWS) | Hosting, storage, email, AI processing | United States

Foundation X will notify the Controller of intended changes to sub-processors at least 14 days in advance by updating this DPA. The Controller may object; if the parties cannot resolve the objection, the Controller may terminate the affected Services. Foundation X imposes data protection obligations on sub-processors equivalent to those in this DPA.

8. Data subject rights

Foundation X will assist the Controller in fulfilling obligations to respond to Data Subject requests (access, rectification, erasure, portability, objection). Direct requests to privacy@foundationx.com.

9. Assistance with compliance

Foundation X will assist the Controller, taking into account the nature of processing and information available, with: security of processing, breach notification, data protection impact assessments, and prior consultation obligations.

10. Data breaches

Foundation X will notify the Controller without undue delay (and within 72 hours where feasible) after becoming aware of a personal data breach affecting data processed under this DPA, including the information required by Article 33(3) GDPR to the extent available.

11. Deletion and return of data

Upon termination of the Service or upon written request, Foundation X will delete or return all Personal Data within 90 days, and delete existing copies, unless retention is required by law. Foundation X will confirm deletion in writing upon request.

12. Audit rights

The Controller may, upon reasonable notice and at its own expense, audit Foundation X's compliance with this DPA, or request that Foundation X provide a summary of relevant audit reports. Audits will not unreasonably disrupt Foundation X's operations.

13. International transfers

Where Personal Data is transferred from the European Economic Area, UK, or Switzerland to the United States, such transfers are made under the EU Standard Contractual Clauses (SCCs) adopted by the European Commission, incorporated herein by reference. Foundation X will execute SCCs with the Controller upon request.

14. Governing law

This DPA is governed by the laws of the State of Utah, USA, except where GDPR or applicable data protection law requires otherwise.

15. Contact

Foundation X LLC • Saratoga Springs, UT 84045 • privacy@foundationx.com

To execute this DPA for your organization, email privacy@foundationx.com with your company name and the email address associated with your Modified account. We will countersign and return a copy.