This Data Processing Addendum ("Addendum") amends and forms part of the Terms of Service ("Agreement") between DoggieDashboard ("Processor") and the business entity agreeing to these terms ("Controller" or "User").

"Applicable Data Protection Laws" means all privacy and data protection laws applicable to the processing of Personal Data under the Agreement, including, where applicable, the UK GDPR and the California Consumer Privacy Act (CCPA/CPRA), each as amended or replaced.

"Personal Data" means any information relating to an identified or identifiable natural person (such as pet owners, clients, or employees) processed by DoggieDashboard on behalf of the Controller.

"Controller", "Processor", "Data Subject", "Processing", and "Supervisory Authority" shall have the meanings given to them in the Applicable Data Protection Laws.

2.1 Roles: The parties acknowledge and agree that with regard to the Processing of Personal Data, the User is the Data Controller and DoggieDashboard is the Data Processor.

2.2 Instructions: DoggieDashboard shall process Personal Data solely on the documented instructions of the Controller, including any additional documented instructions issued by the Controller from time to time, unless required to do so by applicable law. The Agreement and this Addendum constitute the Controller’s instructions.

2.3 Details of Processing:

Subject Matter: The provision of the DoggieDashboard pet care management software and related services.

Duration: The term of the Agreement plus the period until all Personal Data is deleted or returned in accordance with Section 7.

Nature/Purpose: To enable the Controller to manage appointments, clients, pets, invoicing, and daycare/boarding operations.

Categories of Data Subjects: The Controller’s customers (pet owners), employees, and emergency contacts.

Types of Personal Data: Names, contact information (email, phone number, address), pet health/vaccination records, billing notes, and scheduling details.

2.4 Country Eligibility / Restricted Access

DoggieDashboard is intended for use only by business entities located in the United States, Canada, the United Kingdom, Australia, and New Zealand. Access from or use of the Service within the European Economic Area (EEA), Switzerland, or any other jurisdiction not explicitly listed is not permitted.

By using the Service, the Controller represents and warrants that it is not located in, established in, or accessing the Service from the European Economic Area (EEA), Switzerland, or any jurisdiction where such use would violate applicable law or export restrictions.

DoggieDashboard reserves the right to suspend or terminate access to the Service if it reasonably determines that the Service is being accessed or used in violation of this Section.

2.4 Legacy Users (European Economic Area)

The restrictions set out in Section 2.4 do not apply to existing users who registered for the Service prior to the effective date of this Addendum and who are located in the European Economic Area (EEA) or Switzerland ("Legacy Users").

DoggieDashboard may continue to process Personal Data of such Legacy Users strictly for the purposes of providing the Service, in accordance with this Addendum, until such accounts are terminated, migrated, or otherwise closed.

No new accounts from the EEA or Switzerland are permitted, and DoggieDashboard does not actively target or onboard users from these jurisdictions.

3.1 Technical and Organizational Measures: DoggieDashboard shall implement and maintain appropriate technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

3.2 Confidentiality: DoggieDashboard shall ensure that all personnel authorized to process Personal Data are bound by appropriate obligations of confidentiality.

4.1 Authorization: The Controller grants a general authorization to DoggieDashboard to engage third-party software infrastructure providers and tools (e.g., cloud hosting services, email delivery services, database providers) as Subprocessors.

4.2 Notification & Flow-Down: DoggieDashboard shall impose data protection terms on any Subprocessor it engages that are no less protective than the commitments set out in this Addendum. DoggieDashboard remains fully liable for the performance of its Subprocessors.

5.1 Assistance: Taking into account the nature of the processing, DoggieDashboard shall provide reasonable assistance through available product functionality to help the Controller respond to Data Subject requests to exercise their rights, including access, correction, and deletion.

5.2 Forwarding Requests: If DoggieDashboard receives a request directly from a Data Subject regarding the Controller’s data, it will direct the Data Subject to the Controller and, where appropriate, assist the Controller in responding.

6.1 Notification: DoggieDashboard shall notify the Controller without undue delay, and in any event within 72 hours, after becoming aware of a confirmed Personal Data Breach involving the Controller’s data.

6.2 Content: The notification shall include sufficient information to assist the Controller in meeting any legal or regulatory notification obligations.

7.1 Deletion: Upon termination or expiration of the Agreement, or upon the Controller’s request within the platform, DoggieDashboard shall delete or irreversibly anonymize all Personal Data in its possession, unless retention is required by applicable law.

8.1 Service Provider: To the extent the CCPA/CPRA applies, DoggieDashboard certifies that it acts as a "Service Provider." DoggieDashboard shall not retain, use, disclose, or otherwise process Personal Data for any purpose other than for the specific business purposes specified in the Agreement or as otherwise permitted by law, and will not sell or share Personal Data.

9.1 Conflict: In the event of any conflict between this Addendum and the main Terms of Service, the provisions of this Addendum shall prevail with respect to data protection obligations.