Data Processing Agreement

Last updated: January 2025

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Customer" or "Data Controller") and Gibo LLC ("Gibo" or "Data Processor") for the provision of Gibo's business management services.

1. Definitions

Terms used in this DPA have the meanings given in applicable data protection laws, including:

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data
  • Data Controller: The entity that determines the purposes and means of processing personal data
  • Data Processor: The entity that processes personal data on behalf of the Data Controller

2. Scope and Application

This DPA applies to the processing of personal data by Gibo on behalf of Customer in connection with the Gibo services, including:

  • Student information and attendance records
  • Employee data and scheduling information
  • Parent and guardian contact details
  • Payment and billing information

3. Data Processing Details

Categories of Data Subjects:

  • Students enrolled in Customer's programs
  • Parents and guardians of students
  • Customer's employees and staff
  • Customer's authorized users

Types of Personal Data:

  • Names, addresses, phone numbers, email addresses
  • Date of birth and age information
  • Attendance and progress records
  • Payment and billing information
  • Emergency contact information

4. Gibo's Obligations

Gibo agrees to:

  • Process personal data only on documented instructions from Customer
  • Ensure confidentiality of personal data
  • Implement appropriate technical and organizational security measures
  • Assist Customer in responding to data subject requests
  • Notify Customer of any personal data breaches without undue delay
  • Delete or return personal data upon termination of services

5. Security Measures

Gibo implements industry-standard security measures including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication mechanisms
  • Regular backup and disaster recovery procedures
  • Employee training on data protection practices

6. Sub-Processors

Gibo may engage third-party sub-processors to provide services. Current sub-processors include:

  • Cloud hosting providers (e.g., Fly.io, Firebase)
  • Payment processors (e.g., Stripe)
  • Analytics services (e.g., Google Analytics)

Customer will be notified of any changes to sub-processors with at least 30 days' notice.

7. Data Subject Rights

Gibo will assist Customer in fulfilling data subject rights requests, including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability

8. Data Breach Notification

In the event of a personal data breach, Gibo will:

  • Notify Customer without undue delay (within 72 hours when possible)
  • Provide details of the nature of the breach
  • Describe measures taken to address the breach
  • Assist Customer in any required breach notifications to authorities or data subjects

9. Data Retention and Deletion

Personal data will be:

  • Retained only as long as necessary for the provision of services
  • Deleted or anonymized upon Customer's request
  • Automatically deleted within 30 days of service termination

10. International Transfers

Personal data may be transferred to countries outside your jurisdiction. Gibo ensures appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

11. Contact Information

For questions about data processing, contact our Data Protection Officer at:

Gibo LLC
Email: hello@gibo.app

Back to Home