1. Introduction
This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Data Controller" or "Customer") and Modio LLC ("Data Processor" or "Processor") for the All-In Poker Tool service.
This DPA applies when Modio LLC processes personal data on your behalf as a data processor.
2. Definitions
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Processing" means any operation performed on Personal Data.
- "Sub-processor" means any third party engaged by Processor to process Personal Data.
- "Data Protection Laws" means applicable data protection laws including GDPR, CCPA, and other relevant regulations.
3. Scope of Processing
3.1 Subject Matter
The Processor will process Personal Data only as necessary to provide the All-In Poker Tool service as described in the Terms of Service.
3.2 Categories of Data Subjects
- Registered users of the Service
3.3 Categories of Personal Data
- Account information (email, display name)
- Session data (IP address, user agent)
- User-generated content (learning progress, quiz results, optional bankroll data)
3.4 Duration
Processing will continue for the duration of the service agreement or until account deletion.
4. Processor Obligations
The Processor shall:
- Process Personal Data only on documented instructions from the Controller
- Ensure persons authorized to process Personal Data are bound by confidentiality
- Implement appropriate technical and organizational security measures
- Assist the Controller in fulfilling data subject rights requests
- Delete or return all Personal Data upon termination of services
- Make available information necessary to demonstrate compliance
5. Security Measures
The Processor implements the following security measures:
- Encryption in Transit: All data transmitted via HTTPS/TLS
- Password Security: bcrypt hashing with 12 salt rounds
- Session Security: SHA-256 hashed tokens, HTTP-only cookies
- Access Control: Role-based access to production systems
- Data Backups: Daily encrypted backups with 7-day retention
- Rate Limiting: Protection against brute-force attacks
6. Sub-processors
The Controller authorizes the use of the following sub-processors:
| Sub-processor | Purpose | Location |
| --- | --- | --- |
| Render | Cloud hosting and database | United States |
| Resend | Transactional email delivery | United States |
The Processor will inform the Controller of any intended changes to sub-processors, allowing reasonable time to object.
7. International Transfers
Personal Data is processed in the United States. For transfers from the EEA/UK, we rely on:
- Standard Contractual Clauses where applicable
- Adequacy decisions where available
8. Data Subject Rights
The Processor will assist the Controller in responding to requests from data subjects to exercise their rights under Data Protection Laws, including:
- Right of access
- Right to rectification
- Right to erasure
- Right to data portability
- Right to restriction of processing
- Right to object
9. Data Breach Notification
In the event of a personal data breach, the Processor will:
- Notify the Controller without undue delay (and within 72 hours where feasible)
- Provide information about the nature of the breach
- Describe likely consequences and measures taken
- Cooperate with the Controller in meeting notification obligations
10. Termination
Upon termination of the service agreement, the Processor will:
- Delete all Personal Data within 30 days
- Provide certification of deletion upon request
- Allow data export before account deletion
11. Contact
For DPA-related inquiries:
- Email: adrian@modio.tv
- Company: Modio LLC
- Address: 915 SW Rimrock Way STE 201-242, Redmond, OR 97756