Data Processing Addendum (Short Form)

Plain-language summary for our Service. Have your legal team review if required.

1) Roles & Scope

Customer is the controller/business. SeaBird is the processor/service provider and processes Customer Personal Data only to provide and secure the Service, in accordance with Customer’s documented instructions in the Agreement and this DPA.

No sale or sharing: SeaBird does not “sell” or “share” Personal Information (as defined by CPRA) and does not use Customer Personal Data for cross-context behavioral advertising.

Out of scope (website analytics): Personal Data collected on public marketing pages (e.g., seabirdtaylon.com) via tools like Google Analytics is controlled by SeaBird as described in the Privacy Policy and is not Customer Personal Data under this DPA.

2) Customer Instructions

SeaBird will process Customer Personal Data as necessary to deliver features Customer enables (e.g., the Collector), operate the Service, update Google IP block list, and provide support. Additional instructions require written agreement.

3) Security

SeaBird maintains appropriate technical and organizational measures, including access controls, encryption in transit, logging/monitoring,, backups, and incident response procedures proportionate to the Service.

4) Subprocessors

SeaBird may use subprocessors under written commitments no less protective than this DPA. The current list is published at /subprocessors (presently Stripe for payments). SeaBird will provide notice of new subprocessors where legally required and offer a reasonable objection mechanism.

5) Assistance

Taking into account the nature of processing, SeaBird will reasonably assist Customer with data subject requests and security/breach obligations, to the extent Customer cannot fulfill them independently via the Service.

6) Retention & Deletion

SeaBird runs an automated purge approximately every 24 hours. Unless lawfully required to retain data longer, we retain:

• Visit Logs (raw): 90 days
• Visits (summaries): 120 days
• Fraud Verdicts/Classifications: 14 days
• Block Candidates: 120 days

Upon termination or Customer’s written request, SeaBird will delete or de-identify Customer Personal Data within 30 days, subject to lawful retention and limited retention for security, audit, and dispute handling.

7) Incident Notice

SeaBird will notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Customer Personal Data and will provide information reasonably available for Customer’s obligations.

8) International Transfers

If Customer Personal Data from the EEA/UK/Switzerland is transferred to a country without an adequacy decision, the parties will implement an appropriate transfer mechanism (e.g., EU Standard Contractual Clauses and, if applicable, the UK addendum) upon request or as required by law.

9) Precedence & Liability

This DPA is part of the Agreement and, for processing of Personal Data, controls over conflicting terms in the Agreement. Liability is limited as set out in the Agreement.

10) Term

This DPA lasts for the term of the Agreement and ends when SeaBird deletes all Customer Personal Data in accordance with Section 6.

---

Key Processing Details (Informative)

• Subject matter: Click fraud detection and blocking for Google Ads.
• Nature & purposes: Collect visit/interaction signals; classify invalid traffic; generate report and block lists; sync with ad platforms; secure/operate the Service.
• Data subjects: Customer website visitors/end users; Customer personnel with account access.
• Categories: IP address, user agent/device metadata, URL paths/query strings (capped as configured), interaction metrics (scroll/dwell), campaign parameters, account/user identifiers, billing contact data.
• Special categories: Not intended or required.
• Frequency/Duration: Continuous during use; retained per Section 6.

---

Execution

By using the Service on or after the Effective Date, Customer and SeaBird agree this DPA is incorporated into the Agreement. For a countersigned copy, contact support@seabird.biz.