1. Welcome

1.1 Introduction

We're thrilled to have you use Finsweet's Products and Services. This document outlines the Data Processing Addendum ("DPA") that govern your use of our offerings. 

Finsweet Inc. is the company behind all the awesome Products and Services you're using. When we say "Finsweet," "we," "us," or "our" in these Terms, we’re talking about Finsweet Inc. When we say "you" or "Customer," we mean you - the individual or company using our Products and Services.

By using Finsweet's Products and Services, or accessing our content on any platform, you're agreeing to these Terms, so give them a thorough read. If you're accepting for a company or other legal entity, you're confirming you've got the authority to do so. In that case, "you" means that entity. By accepting these Terms, you're confirming that you have the right to enter into this agreement, either for yourself or on behalf of your company. If you're acting on behalf of a company, you're promising us that you have the authority to bind that company to these Terms.

Capitalized terms not defined in these Terms have the meaning given to them in our other applicable agreements referenced herein.

1.2 Products and Services

Finsweet’s “Products and Services” include:

• Products, like Wized, Attributes, Client-First, Components, and CMS Bridge 
• Content, like SEO Guide, tutorials, documentation, educational resources, affiliate links, this website (Finsweet.com and any subdomain of Finsweet.com), and YouTube content.
• Tools, like Finsweet Extension, Support Forum, Open Source initiatives, code snippets, and repos

In our Agreement, we may say “Products” or  “Services” to represent Products and Services. We’re always innovating at Finsweet, so this list of Products and Services may change. Any future Products that we create at Finsweet will also be covered under these Terms and the Agreement.

1.3 Applicable terms

When you use Finsweet's Products and Services, you're agreeing to these Terms, as well as our Acceptable Use Policy, Intellectual Property Policy, Cookie Policy, and any other applicable agreements or policies referenced on website’s legal pages (collectively, the "Agreement"). You can find these applicable agreements and policies at Finsweet.com/legal/home. If you're using specific Finsweet Products or Services, additional terms may apply—we'll make sure to let you know about those.

Remember, these Terms apply from the moment you start using our Products and Services until you decide to stop using them or your subscription ends.

Please take the time to read through this Agreement carefully. By using Finsweet's Products and Services, you're indicating that you understand and accept these terms. If something doesn't make sense or you don't agree with part of it, please don't use our Products and Services until we've had a chance to clarify things for you.

We know that was a lot of legal language, but it's important stuff. Here's what it means in simpler terms:

1. By using our Products and Services, you're agreeing to all our terms.
2. If you don't agree, you can't use our stuff.
3. You're promising us you have the authority to agree to these terms.
4. If you're agreeing on behalf of a company, you're confirming you have the power to do so.

2. Definitions

Let's break down the key terms. We've aimed to make these definitions clear and relevant to your experience with Finsweet:

2.1. "Affiliate" refers to an entity that controls, is controlled by, or shares control with a party to this Agreement. Think of it as your company's extended family in the corporate world.

2.2. "Agreement" means any arrangement between Finsweet and you for our Services. This could include our web development expertise, use of our Products (like Wized, Attributes, Components, Client-First, CMS Bridge, and the Finsweet Extension), Finsweet+ membership, or any other solutions we've agreed to provide.

2.3. "Authorized Affiliate" is any of your Affiliates that are subject to data protection laws, can use our Services under our Agreement, and haven't signed a separate agreement with us.

2.4. "Controller" is the entity (usually you) that decides why and how Personal Information is processed. You're in the driver's seat here.

2.5. "Customer" means you and any of your Authorized Affiliates who've agreed to this DPA. You're the reason we do what we do!

2.6. "Customer Personal Information" is all the Personal Information we process for you, except for Customer Relationship Data. This could include data from your Webflow projects, Wized applications, or any other content created using our tools.

2.7. "Customer Relationship Data" is the information we need to maintain our awesome working relationship, like contact details and billing information.

2.8. "Customer Workforce" refers to your team members who have access to our Services. These are the folks building amazing websites and apps alongside you.

2.9. "Data Breach" means a security incident affecting Customer Personal Information. We take this seriously and have comprehensive measures in place to prevent it.

2.10. "Data Protection Laws" include all applicable laws and regulations related to data protection and privacy, such as the GDPR, UK GDPR, and CCPA.

2.11. "Data Subject" is the individual person who the Personal Information is about. This could be your clients, website visitors, or app users.

2.12. "EEA" stands for the European Economic Area.

2.13. "End User" means anyone who interacts with content created using our Services, like visitors to your website or application.

2.14. "EU Standard Contractual Clauses" or "EU SCCs" are standard contract terms approved by the EU for transferring personal data outside the EEA.

2.15. "GDPR" refers to the General Data Protection Regulation (EU) 2016/679. It's a big deal in data protection, and we've got you covered.

2.16. "Personal Information" is any information relating to an identifiable individual. In the web world, this could be user profiles, form submissions, or custom data in your CMS.

2.17. "Processing" means any operation performed on Personal Information, such as collection, storage, use, or deletion.

2.18. "Processor" is the entity that processes Personal Information on behalf of the Controller. That's usually us when we're working our magic on your website projects.

2.19. "Regulator" means any authority overseeing data protection laws.

2.20. "Subprocessor" is any processor we engage to help us process your Personal Information. We're picky about who we work with to ensure your data is in good hands.

3. Scope and applicability

We believe in transparency, so let's clarify what this DPA covers:

• This DPA applies when we process Customer Personal Information for you as part of our website development Services, Product offerings, or community resources.
• In most cases, we're the Processor of your Personal Information, while you're either a Controller or a Processor, depending on how you're using our Services.
• This DPA doesn't apply to Customer Relationship Data, which we handle as an independent Controller to keep our collaboration smooth.
• If there's any conflict between this DPA and our main Agreement when it comes to data protection, this DPA takes the lead.
• This DPA is governed by the same laws as our main Agreement. Any claims brought under this DPA are subject to the terms and conditions of our main Agreement, including any limitations set out there. 

4. Roles and responsibilities

We're partners in this data protection journey. Here's what we each bring to the table:

4.1. Your responsibilities: a) Comply with your obligations as a Controller under Data Protection Laws. b) Obtain all necessary consents and provide all required notices to Data Subjects. This is crucial for things like form submissions or user data on your website. c) Ensure the accuracy, quality, and legality of the Personal Information you provide us. Your data is the foundation of the amazing projects we'll build together.

4.2. Our responsibilities: a) Process Customer Personal Information only on your documented instructions, unless required otherwise by law. We're here to bring your vision to life, not to call audibles with your data. b) Ensure our team members who might handle your data are committed to confidentiality. Your secrets (and your data) are safe with us. c) Implement robust security measures to protect your data. We treat your information as sensitive and private.

5. Subprocessing

Sometimes we need to call in reinforcements. Here's how we handle that:

5.1. You agree that we may engage Subprocessors to help process Customer Personal Information. We'll keep an up-to-date list of these Subprocessors available for you.

5.2. We'll make sure our Subprocessors adhere to the same high standards we set for ourselves when it comes to data protection.

5.3. We remain fully responsible for our Subprocessors' compliance with this DPA.

6. International transfers

Your data might need to travel, and here's how we handle that:

6.1. We may transfer and process Customer Personal Information globally where we, our Affiliates, or our Subprocessors operate. Your website projects and Finsweet Product data might be traveling around the world, but always with our high security standards in place.

6.2. For transfers from regions with restrictions on cross-border data transfers, we'll ensure appropriate safeguards are in place. We're as meticulous about this as we are about our website development standards.

7. Data subject rights

We're here to help you respond to data subject requests:

7.1. We'll promptly notify you if we receive a request from a Data Subject to exercise their rights under Data Protection Laws. This could happen if someone wants to know what data your website or application has collected about them.

7.2. We'll provide reasonable assistance in handling these requests, to the extent we're legally permitted and you can't do it yourself through our Services or Products.

8. Data breaches

In the unlikely event of a data breach, we have a gameplan. As part of our active SOC2 compliace, we have a series of comprehensive steps to take if a data breach occurs. Learn more about our dedication to security here: https://finsweet.com/company/security 

9. Deletion or return of customer personal information

When our work together is done, here's what happens to your data:

8.1. Upon termination of the Agreement, we'll either delete or return all your Customer Personal Information, based on your preference. We'll also delete existing copies unless the law requires us to store the data. We're as thorough with data cleanup as we are with our code.

10. Audit rights

We're confident in our practices, and we're happy to prove it:

10.1. Upon request, we'll provide information to demonstrate our compliance with this DPA, subject to confidentiality obligations.

10.2. You may audit our compliance with this DPA, subject to reasonable notice and not more than once per year unless required by law. We'll work with you to ensure this process doesn't disrupt our operations or compromise other customers' data.

11. If you don’t agree, stop using our services

Make sure sure you agree to this DPA and every policy that’s part of the Agreement. If you don’t, you should discontinue use of Finsweet’s Products and Services immediately.

12. Changes to this DPA

We may update this DPA from time to time to reflect changes in our Services, legal requirements, or business practices. If we make any significant changes, we'll notify you by email or by posting a prominent notice on our website before the changes become effective. We encourage you to review this DPA periodically for the latest information on our service policies. Your continued use of Finsweet's Services after any changes constitutes acceptance of the updated DPA. If you don't agree with the revised DPA, you should discontinue use of our Services.

13. Contact us

We’re ready to help clarify anything about our Agreement. 

We prefer email because we’ll receive your message quickly and be able to respond quickly. Send an email to [email protected] to get the conversation started.

If physical mail is a must, you can reach us at: Finsweet, 1001A E Harmony Rd. #15, Fort Collins, CO, 80525, United States.