Data Processing Addendum

This Data Processing Addendum ("DPA") is part of the agreement between you (the Merchant) and United Apps ("we", "our", or "us"), in relation to the use of the POS Layaway App. It outlines how we handle and protect personal data when acting as a data processor on your behalf.

1. Definitions

• Personal Data means any data related to an identified or identifiable person.
• Processing means any operation on Personal Data, including storage, access, and deletion.

2. Roles of the Parties

You are the Data Controller. We are the Data Processor. We process data only on your instructions, as necessary to deliver app functionality.

3. Scope of Data Use

We only process the following personal data:

• Customer names, emails, and phone numbers
• Billing and shipping addresses
• Reservation data and deposit amounts

We will never use this data for advertising, analytics, or resale.

4. Security Measures

We implement strong data protection practices, including:

• Encryption in transit and at rest
• Access controls and audit logging
• Separation of development and production environments

5. Data Subject Rights

We help merchants respond to data subject requests such as access, deletion, or export under applicable privacy laws.

6. Data Retention and Deletion

Personal data is deleted 30 days after a reservation is closed or the app is uninstalled. No unnecessary backups or duplicates are retained.

7. Subprocessors

We may use subprocessors (e.g., email/SMS providers) who are contractually bound to protect personal data. A current list is available upon request.

8. Contact

If you have questions about this DPA or data handling, contact us at:

Email: privacy@unitedapps.io