Data Processing Agreement

Effective: February 25, 2026

This Data Processing Agreement ("DPA") forms part of the agreement between Channel3, Inc. ("Processor", "we", "us") and the entity agreeing to these terms ("Controller", "you") for the use of Channel3's platform, APIs, and related services (the "Services"), as described in our Terms of Service.

This DPA applies where Channel3 processes personal data on behalf of the Controller in connection with the Services, and where such processing is subject to applicable data protection laws including the EU General Data Protection Regulation (GDPR), the UK GDPR, and other applicable privacy legislation.

1. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person processed by Channel3 on behalf of the Controller in connection with the Services.
  • "Processing" means any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, erasure, or destruction.
  • "Sub-Processor" means any third party engaged by Channel3 to process Personal Data on behalf of the Controller.
  • "Data Protection Laws" means all applicable laws relating to the processing of Personal Data, including the GDPR, UK GDPR, and the California Consumer Privacy Act (CCPA).

2. Scope and purpose of processing

Channel3 processes Personal Data solely for the purpose of providing the Services as described in the Terms of Service and as further instructed by the Controller. The categories of data subjects, Personal Data, and processing activities are determined by the Controller's use of the Services.

Typical categories include:

  • Data subjects: End users, developers, and business contacts of the Controller
  • Categories of data: Names, email addresses, organization information, IP addresses, device identifiers, usage data, and commerce interaction data
  • Processing activities: Providing platform access, processing API requests, analytics, authentication, and customer support

3. Obligations of the Processor

Channel3 shall:

  • Process Personal Data only on documented instructions from the Controller, unless required by applicable law
  • Ensure that persons authorized to process Personal Data are subject to confidentiality obligations
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption in transit and at rest, access controls, and regular security assessments
  • Assist the Controller in responding to data subject requests (access, rectification, erasure, portability, restriction, and objection)
  • Assist the Controller in ensuring compliance with obligations related to security, breach notification, data protection impact assessments, and prior consultation
  • At the Controller's choice, delete or return all Personal Data upon termination of the Services, unless retention is required by applicable law
  • Make available to the Controller all information necessary to demonstrate compliance with this DPA and allow for audits

4. Sub-Processors

The Controller provides general authorization for Channel3 to engage Sub-Processors. A current list of Sub-Processors is available at our Sub-Processors page.

Channel3 will notify the Controller of any intended changes to Sub-Processors, giving the Controller the opportunity to object. Channel3 will impose data protection obligations on each Sub-Processor that are no less protective than those in this DPA.

5. Data breach notification

Channel3 will notify the Controller without undue delay (and in any event within 72 hours) after becoming aware of a personal data breach. The notification will include the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed to address the breach.

6. International data transfers

Channel3 is based in the United States. Where Personal Data is transferred from the European Economic Area, the United Kingdom, or Switzerland to the United States or other countries without an adequacy decision, Channel3 will ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Audit rights

Channel3 will make available to the Controller information reasonably necessary to demonstrate compliance with this DPA, and will allow for and contribute to audits, including inspections, conducted by the Controller or an auditor mandated by the Controller. Audits shall be conducted with reasonable notice and during normal business hours.

8. Term and termination

This DPA shall remain in effect for the duration of Channel3's processing of Personal Data on behalf of the Controller. Upon termination or expiry of the Services, Channel3 will, at the Controller's election, delete or return all Personal Data within a reasonable timeframe, unless retention is required by applicable law.

9. Governing law

This DPA shall be governed by the laws of the State of Delaware, USA, without regard to conflict of laws principles, except where Data Protection Laws require otherwise.

Contact us

For questions about this DPA or to exercise any rights, contact us at founders@trychannel3.com.