Data Processing Agreement

Last updated: June 30, 2026

This Data Processing Agreement ("DPA") forms part of the agreement between CEYMOB LLC ("Processor") and the customer ("Controller") for the provision of services as described in our Terms of Service. This DPA is entered into pursuant to Article 28 of the General Data Protection Regulation (EU) 2016/679 ("GDPR").

1. Definitions

In this DPA, the following terms have the meanings set out below:

"Personal Data" means any information relating to an identified or identifiable natural person, as defined in GDPR Article 4(1).
"Processing" means any operation performed on Personal Data, as defined in GDPR Article 4(2).
"Sub-processor" means any third party engaged by the Processor to process Personal Data on behalf of the Controller.
"Data Subject" means the identified or identifiable natural person to whom the Personal Data relates.

2. Scope and Purpose of Processing

The Processor shall process Personal Data only on documented instructions from the Controller, including with regard to transfers of Personal Data to a third country, unless required to do so by applicable law.

The purpose of processing is to provide the services described in the Terms of Service, including SaaS analytics, app intelligence, and related platform features.

3. Types of Personal Data

The categories of Personal Data processed under this DPA may include:

Account information (name, email address, company name)
Usage data (IP addresses, browser information, feature usage logs)
Payment information (processed by third-party payment processors)
Any other data submitted by the Controller through the services

4. Data Subject Categories

Data Subjects may include the Controller's employees, contractors, end users, and customers whose data is processed through the services.

5. Obligations of the Processor

The Processor shall:

Process Personal Data only on documented instructions from the Controller.
Ensure that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption of data in transit and at rest, access controls, and regular security assessments.
Assist the Controller in responding to requests from Data Subjects exercising their rights under GDPR (access, rectification, erasure, portability, restriction, and objection).
Assist the Controller in ensuring compliance with obligations related to security of processing, data breach notification, data protection impact assessments, and prior consultation.
At the choice of the Controller, delete or return all Personal Data after the end of the provision of services, and delete existing copies unless applicable law requires storage.
Make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in GDPR Article 28, and allow for and contribute to audits and inspections.

6. Sub-processors

The Processor shall not engage another processor (sub-processor) without prior specific or general written authorization of the Controller. In the case of general written authorization, the Processor shall inform the Controller of any intended changes concerning the addition or replacement of sub-processors, thereby giving the Controller the opportunity to object to such changes.

Current sub-processors are available upon request by contacting info@ceymob.com.

7. Data Transfers

The Processor shall not transfer Personal Data to a country outside the European Economic Area (EEA) unless appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the recipient is in a country with an adequacy decision.

8. Data Breach Notification

The Processor shall notify the Controller without undue delay after becoming aware of a personal data breach. The notification shall include:

A description of the nature of the breach, including the categories and approximate number of Data Subjects and records concerned
The name and contact details of the Processor's data protection contact
A description of the likely consequences of the breach
A description of the measures taken or proposed to address the breach

9. Duration and Termination

This DPA shall remain in effect for the duration of the Processor's processing of Personal Data on behalf of the Controller. Upon termination of the services, the Processor shall, at the Controller's election, return or delete all Personal Data within 30 days.

10. Governing Law

This DPA shall be governed by the laws of the State of Wyoming, United States, without prejudice to the mandatory provisions of GDPR that apply regardless of the governing law chosen.

11. Contact

For questions about this DPA or to request a signed copy, please contact us:

CEYMOB LLC
30 N Gould St, Suite 50327
Sheridan, WY 82801, United States
info@ceymob.com
(307) 487-8607