Data Processing Agreement — LinkRivo

This Data Processing Agreement ("DPA") is entered into between you (the "Customer", acting as data controller) and ELITE CAPITAL GROUP LLC ("LinkRivo", acting as data processor) and forms part of the Terms of Service governing your use of LinkRivo (the "Service"). It reflects the parties' commitments under the EU General Data Protection Regulation (GDPR), the UK GDPR, and similar data-protection laws.

1. Definitions

Terms such as "personal data", "processing", "data subject", "controller", "processor", and "sub-processor" have the meanings set out in the GDPR. "Customer Personal Data" means any personal data that LinkRivo processes on behalf of Customer in connection with the Service.

2. Scope and roles

With respect to Customer Personal Data, Customer is the controller and LinkRivo is the processor. LinkRivo will process Customer Personal Data only on documented instructions from Customer, including as set out in the Terms of Service and this DPA, unless required to do so by law.

3. Nature and purpose of processing

LinkRivo processes Customer Personal Data to provide, secure, and support the Service, including hosting pages and links, routing traffic, processing payments, delivering transactional emails, and producing usage analytics.

4. Categories of data subjects and data

Data subjects — Customer's end users (visitors of the public pages), Customer's team members, and Customer itself.
Personal data — account identifiers (email, hashed password, name); billing data (via Stripe); content uploaded or linked by Customer; analytics events (hashed IP, country, device, browser, OS, referrer, timestamp); security logs.

5. Duration

LinkRivo processes Customer Personal Data for the duration of Customer's use of the Service, plus any retention period described in our Privacy Policy or required by law.

6. Confidentiality

LinkRivo ensures that all personnel authorized to process Customer Personal Data are subject to obligations of confidentiality, whether by contract or statutory duty.

7. Security measures

LinkRivo implements appropriate technical and organizational measures to protect Customer Personal Data, including:

TLS 1.3 encryption for data in transit;
Encryption at rest for database backups;
Password hashing using scrypt;
Role-based access control, least-privilege principles, and audit logging of administrative access;
Regular vulnerability patching of infrastructure and dependencies;
Separation of production and non-production environments;
Incident response procedures with defined notification timelines.

8. Sub-processors

Customer authorizes LinkRivo to engage the following sub-processors to provide the Service:

Sub-processor	Purpose	Location
Stripe, Inc.	Payment processing and subscription billing	United States
Resend (Resend Inc.)	Transactional email delivery	United States
Cloudflare, Inc.	DNS, CDN, DDoS protection, custom domain SSL	United States (global edge)
Railway Corp.	Application hosting, PostgreSQL, Redis	United States
MaxMind, Inc.	Offline GeoIP lookup for analytics	United States
IPQualityScore	Bot / VPN detection (optional shield feature)	United States

LinkRivo will inform Customer of any intended additions or replacements of sub-processors at least 30 days in advance. If Customer objects on reasonable data-protection grounds, Customer may terminate the Service by written notice to LinkRivo before the change takes effect.

9. International transfers

To the extent that the provision of the Service involves transfers of Customer Personal Data from the EEA, UK, or Switzerland to a country not recognized as providing an adequate level of protection, the parties rely on the EU Standard Contractual Clauses (Module 2: controller-to-processor) and the UK International Data Transfer Addendum, which are incorporated into this DPA by reference.

10. Assistance to Customer

Taking into account the nature of the processing, LinkRivo will assist Customer in fulfilling its obligations to:

Respond to data subject requests (access, rectification, erasure, portability);
Conduct data protection impact assessments, where applicable;
Notify data subjects and supervisory authorities of personal data breaches, where required.

11. Personal data breaches

LinkRivo will notify Customer without undue delay, and in any event within 72 hours of becoming aware, of any personal data breach affecting Customer Personal Data. The notification will include the information reasonably required by Customer to meet its own notification obligations under applicable law.

12. Deletion and return of data

Upon termination of the Service, LinkRivo will delete or return all Customer Personal Data within a reasonable period (and in any event within 90 days), except to the extent retention is required by applicable law. Customer is responsible for exporting any data it wishes to retain before termination takes effect.

13. Audits

LinkRivo will make available to Customer, upon reasonable request and subject to appropriate confidentiality obligations, information necessary to demonstrate compliance with this DPA, including summaries of security assessments or relevant third-party audit reports if and when they become available. Customer may request an audit no more than once every 12 months, except in case of a confirmed security incident or regulatory requirement.

14. Liability

The liability of each party under and in connection with this DPA is subject to the limitations and exclusions of liability set out in the Terms of Service.

15. Order of precedence

In the event of any conflict between this DPA and the Terms of Service, this DPA prevails with respect to the processing of personal data.

16. Contact

For any question related to this DPA or to exercise data protection rights, contact [email protected].