Data Processing Agreement (DPA)

Last updated: June 7, 2026

This Data Processing Agreement (“DPA”) supplements Conty’s Terms of Use and Privacy Policy when we act as processor of personal data on behalf of brand and enterprise customers (“Controller”).

Scope and roles

The Controller defines purposes and legal bases. Conty processes data per documented Controller instructions, solely to deliver the creator campaign platform, payments, metrics, and contracted support.

Security measures

We apply technical and organizational controls proportionate to risk: encryption in transit, access control, environment segregation, incident logging, and periodic vendor review (including hosting and payment processing).

Subprocessors

We may use subprocessors essential to operations (e.g., cloud infrastructure, transactional email, and analytics when authorized). An updated list is available on request; contractual data protection obligations are equivalent.

Data subject rights and incidents

We assist the Controller with data subject requests (access, correction, deletion, portability, objection) within reasonable timeframes. We notify relevant security incidents without undue delay so the Controller can meet ANPD and data subject obligations.

DPA contact

To execute or review an enterprise DPA: [email protected] or [email protected].