
Data Processing Agreement

Last updated: May 16, 2026

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between PaidLens Inc. (“PaidLens,” “Processor,” “we,” or “us”) and the organization using the PaidLens platform (“Customer,” “Controller,” or “you”). This DPA applies when PaidLens processes Personal Data on behalf of Customer in connection with the Service.

1. Processing Details

  • Subject matter: Provision of a commission intelligence, reporting, dispute management, and payout visibility platform.
  • Duration: For the term of Customer’s subscription plus the deletion/export period described in our Data Retention Policy.
  • Purpose: To host, analyze, display, secure, and support Customer’s commission and compensation-related data.
  • Data subjects: Customer employees, contractors, sales representatives, administrators, and authorized users.
  • Data categories: Names, emails, roles, departments, commission amounts, payout records, sales performance metrics, account assignments, dispute details, login logs, and audit records.

2. Processor Obligations

PaidLens will:

  • Process Personal Data only on Customer’s documented instructions, including these Terms and product configuration choices.
  • Ensure personnel authorized to process Personal Data are bound by confidentiality obligations.
  • Implement appropriate technical and organizational security measures.
  • Assist Customer, where reasonably possible, with data subject access, correction, deletion, portability, and objection requests.
  • Notify Customer without undue delay after becoming aware of a confirmed Personal Data breach.
  • Delete or return Personal Data after termination according to the Data Retention Policy, unless law requires continued retention.
  • Make available information reasonably necessary to demonstrate compliance with this DPA.

3. Customer Obligations

Customer is responsible for:

  • Having a lawful basis to upload and process Personal Data in PaidLens.
  • Providing any required notices to employees, contractors, or other data subjects.
  • Ensuring that uploaded Customer Data is accurate, lawful, and limited to what is necessary.
  • Managing user roles, permissions, access reviews, and offboarding.
  • Responding to data subject requests where Customer is the controller.

4. Security Measures

PaidLens maintains administrative, technical, and organizational safeguards including:

  • Encryption in transit using TLS and encryption at rest where supported by infrastructure.
  • Role-based access controls and organization-level tenant isolation.
  • Multi-factor authentication support.
  • Audit logging for key administrative and data access events.
  • Least-privilege internal access practices.
  • Secure software development practices and vulnerability remediation.
  • Backup and recovery controls appropriate to the Service tier.

5. Sub-processors

PaidLens may use third-party sub-processors to provide hosting, infrastructure, email, analytics, support, payment, and security services. PaidLens will impose data protection obligations on sub-processors that are substantially similar to those in this DPA. Customer may request the current sub-processor list by contacting [email protected].

6. International Transfers

Where Personal Data is transferred internationally, PaidLens will use appropriate safeguards required by applicable Data Protection Laws, which may include Standard Contractual Clauses, UK addenda, or other lawful transfer mechanisms.

7. Data Subject Requests

If PaidLens receives a request from a data subject relating to Customer Data, PaidLens will direct the requester to Customer where appropriate. PaidLens will provide reasonable assistance to Customer in fulfilling valid requests, subject to authentication, product capabilities, and applicable law.

8. Breach Notification

PaidLens will notify Customer without undue delay after confirming a Personal Data breach affecting Customer Data. The notice will include available information about the nature of the breach, affected data, likely consequences, remediation steps, and contact point for follow-up.

9. Return and Deletion

Upon termination, Customer may export Customer Data during the export window. After that period, PaidLens will delete Customer Data from production systems and backups according to the Data Retention Policy unless retention is required by law or needed to resolve disputes, enforce agreements, or preserve security records.

10. Audit and Compliance

PaidLens will make reasonable compliance information available upon request. Any formal audit must be mutually agreed, limited to systems relevant to Customer Data, conducted during business hours, and subject to confidentiality and security requirements.

11. Contact

For privacy or data processing questions, contact [email protected].

© 2026 PaidLens Inc. All rights reserved.