🚀FeedPilot← Back to Dashboard

Data Processing Agreement (DPA)

Last updated: December 30, 2025

1. Parties

This Data Processing Agreement ("Agreement") is entered into between:

  • Controller: the Client using the FeedPilot Service
  • Processor: MiƂosz Sobieniowski, operating as MiƂosz Sobieniowski (JDG), Address: Jana Chryzostoma Paska 3a, 30-397 KrakĂłw, Poland, Tax ID (NIP): 6792888865, Email: sobieniowski@gmail.com

2. Subject Matter and Duration

This Agreement governs the processing of personal data by the Processor on behalf of the Controller in connection with the provision of the FeedPilot Service.

Processing shall continue for the duration of the Controller's use of the Service, unless otherwise agreed in writing.

3. Nature and Purpose of Processing

The Processor processes personal data solely for the purpose of providing the Service, including:

  • processing and transforming product feed data
  • AI-assisted content generation (where enabled by the Controller)
  • technical operation, security, and troubleshooting

4. Types of Personal Data and Data Subjects

The processed data may include:

  • contact data (e.g. email address, name)
  • business identifiers and seller account identifiers
  • product-related data submitted by the Controller
  • technical and usage data necessary for service operation

Data subjects may include employees, contractors, or representatives of the Controller.

5. Processor Obligations

  • process personal data only on documented instructions of the Controller
  • ensure confidentiality of persons authorized to process the data
  • implement appropriate technical and organizational security measures
  • assist the Controller in responding to data subject requests
  • notify the Controller without undue delay of any personal data breach

6. Subprocessors

The Controller grants general authorization for the Processor to engage subprocessors for the provision of the Service.

Subprocessors may include cloud infrastructure, CDN, security, and AI service providers (e.g. Render, Cloudflare, OpenAI).

A current list of subprocessors is available upon request.

7. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), the Processor shall ensure appropriate safeguards, including the use of the European Commission's Standard Contractual Clauses (SCCs).

8. Security Measures

The Processor applies reasonable technical and organizational measures to protect personal data, including encryption in transit, access controls, and abuse prevention mechanisms.

9. Deletion or Return of Data

Upon termination of the Service, the Processor shall delete or anonymize personal data processed on behalf of the Controller, unless retention is required by applicable law.

10. Liability

Liability under this Agreement shall be subject to the limitations set forth in the applicable Terms of Service.

11. Governing Law

This Agreement shall be governed by the laws of Poland.