Playwise HQ Data Processing Addendum (DPA)
Last modified: 2 February 2026
This Data Processing Addendum (“DPA”) forms part of the agreement between:
Playwise HQ (“Processor”)
andCustomer (“Controller”)
This DPA applies where Playwise HQ processes Personal Data on behalf of Customer in connection with the Playwise HQ Service.
This DPA is incorporated into and governed by the Playwise HQ Terms of Service and any applicable Order Form (collectively, the “Agreement”).
1. Definitions
For purposes of this DPA, the terms “Personal Data,” “Processing,” “Controller,” “Processor,” and “Supervisory Authority” have the meanings given in the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).
“Customer Data” means any Personal Data submitted to the Service by or on behalf of Customer.
2. Roles of the Parties
Customer acts as the Controller of Customer Data.
Playwise HQ acts as the Processor of Customer Data to the extent it processes Personal Data on behalf of Customer in providing the Service.
Customer is responsible for determining the purposes and means of processing Customer Data.
3. Scope of Processing
3.1 Subject Matter
Playwise HQ provides a SaaS platform for competitive intelligence, battlecards, and sales enablement content.
3.2 Duration
Processing will continue for the duration of Customer’s subscription, unless otherwise agreed in writing.
3.3 Nature and Purpose of Processing
Playwise HQ processes Customer Data to:
Provide and operate the Service
Store and display Customer Content
Support collaboration and account functionality
Provide AI-powered insights and content generation features
Provide customer support and service improvements
3.4 Categories of Data Subjects
Customer Data may include Personal Data relating to:
Customer’s employees and contractors
Authorized users of the Service
Business contacts referenced in Customer Content
3.5 Categories of Personal Data
Customer Data may include:
Name, email address, and account identifiers
User activity metadata
Content entered into the platform that may reference individuals
Customer should not upload sensitive personal data unless explicitly agreed.
4. Processor Obligations
Playwise HQ agrees to:
4.1 Documented Instructions
Process Customer Data only on documented instructions from Customer, including as necessary to provide, maintain, secure, and improve the Service in accordance with the Agreement.
4.2 Confidentiality
Ensure that persons authorized to process Customer Data are subject to appropriate confidentiality obligations.
4.3 Security Measures
Implement appropriate technical and organizational measures designed to protect Customer Data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
4.4 Service Improvement
Playwise HQ may process Customer Data for internal service improvement purposes, including platform reliability, security, feature performance, and aggregated or anonymized analytics, provided such processing does not disclose Customer Content or identify Customer except as necessary to deliver the Service.
4.5 No Sale of Customer Data
Not sell Customer Data or make Customer Data available to third parties except as necessary to provide the Service, comply with law, or as otherwise permitted under this DPA.
5. Confidentiality
Playwise HQ will ensure that all personnel with access to Customer Data are subject to confidentiality obligations.
6. Security Measures
Playwise HQ will maintain reasonable administrative, technical, and organizational safeguards designed to protect Customer Data, including measures such as:
Access controls and authentication
Encryption in transit where applicable
Monitoring for unauthorized access
Secure infrastructure hosting practices
7. Subprocessing
7.1 Authorization
Customer authorizes Playwise HQ to engage subprocessors to support delivery of the Service.
7.2 Approved Subprocessors
Playwise HQ currently uses the following subprocessors:
| Subprocessor | Purpose |
|---|---|
| MongoDB Atlas | Database hosting and storage |
| Stripe | Payment processing |
| Resend | Transactional email delivery |
| Render | Application hosting and infrastructure |
| OpenAI | AI-powered content generation and analysis |
| Anthropic | AI-powered content generation and analysis |
| Perplexity | AI-powered research and enrichment features |
Playwise HQ will remain responsible for ensuring that any subprocessors it engages are subject to appropriate data protection obligations, and for their compliance with this DPA, subject to the limitation of liability provisions in the Agreement.
7.3 Subprocessor Changes
Playwise HQ may update subprocessors as necessary. Where required, Playwise HQ will provide notice of material changes.
8. International Data Transfers
Customer acknowledges that Customer Data may be processed in countries outside the European Economic Area (“EEA”).
Where required, Playwise HQ will rely on appropriate safeguards, such as:
Standard Contractual Clauses (SCCs)
Other lawful transfer mechanisms under GDPR
9. Assistance to Customer
Playwise HQ will provide reasonable assistance to Customer in fulfilling obligations relating to:
Data subject access requests
Data portability, rectification, and deletion requests
GDPR compliance inquiries
Customer remains responsible for responding to individuals and regulators.
10. Personal Data Breach Notification
Playwise HQ will notify Customer without undue delay upon becoming aware of a Personal Data Breach affecting Customer Data.
Notification will include, where reasonably available:
Nature of the breach
Likely consequences
Measures taken or proposed to mitigate harm
11. Data Retention and Deletion
Upon termination or expiration of Customer’s subscription:
Customer may request an export of Customer Data where reasonably available
Playwise HQ may retain Customer Data for a limited period for legal, compliance, or dispute resolution purposes
After such period, Customer Data will be deleted or anonymized in accordance with Playwise HQ’s retention practices, unless otherwise agreed in writing
12. Audits and Compliance
Upon reasonable written request, Playwise HQ will provide information necessary to demonstrate compliance with this DPA.
Formal audits may be permitted only:
With reasonable notice
No more than once annually
Subject to confidentiality and security restrictions
Where required under applicable law or enterprise agreement
13. Liability
Liability under this DPA is subject to the limitation of liability provisions in the Agreement, unless prohibited by applicable law.
14. Governing Law
This DPA is governed by the same governing law and jurisdiction provisions as the Agreement.
15. Order of Precedence
In the event of conflict:
The Order Form
This DPA
The Terms of Service
will control in that order.
16. Contact
For privacy or data protection inquiries:
Playwise HQ
Email: support@playwisehq.com