DATA PROCESSING AGREEMENT (DPA)
Effective Date: February 27, 2026
Company: GoUp Digital Marketing Agency
Product: GoWap
Website: https://goupdigitalmarketingagency.com/
Contact Email: info@goupdigitalmarketingagency.com
1. PURPOSE
This Data Processing Agreement (“DPA”) governs the processing of personal data by GoUp Digital Marketing Agency (“Processor”) on behalf of the subscribing organization (“Controller”) in connection with the GoWap SaaS platform.
This DPA forms part of the Terms of Service.
2. ROLES OF THE PARTIES
Controller:
The organization using GoWap to generate and deliver advertising performance reports.
Processor:
GoUp Digital Marketing Agency, which processes data strictly to provide reporting services.
GoWap does not determine the purpose of processing client contact data; it processes such data solely on documented instructions of the Controller.
3. NATURE AND PURPOSE OF PROCESSING
The Processor processes data for the following purposes:
Connecting to Meta Ads accounts via OAuth
Fetching advertising performance metrics
Generating KPI-based performance reports
Delivering reports via WhatsApp or email
Logging delivery status and maintaining system reliability
Processing is limited strictly to reporting functionality.
4. TYPES OF DATA PROCESSED
4.1 Account Data
Name
Email address
Organization name
Role
4.2 Advertising Performance Data
Ad account identifiers
Campaign names
Ad set names
Advertising performance metrics
KPIs selected by the user
4.3 Client Contact Data
Client name
WhatsApp number
Email address
Timezone
Consent timestamp
No sensitive personal data is intentionally processed.
5. DURATION OF PROCESSING
Data is processed:
For the duration of the active subscription
Until deletion is requested
Until account termination
Upon termination, data is deleted according to the Data Retention policy.
6. PROCESSOR OBLIGATIONS
The Processor agrees to:
Process data only on documented instructions from the Controller
Implement appropriate technical and organizational safeguards
Ensure confidentiality of personnel
Restrict access to authorized staff only
Maintain secure infrastructure
Notify the Controller of any data breach without undue delay
7. SECURITY MEASURES
The Processor implements:
HTTPS encryption (TLS)
Encrypted storage of API tokens
Encrypted storage of WhatsApp numbers
Role-based access controls
Organization-level data isolation
Logging and monitoring
Security measures are reviewed periodically.
8. SUBPROCESSORS
The Processor may use third-party service providers including:
Cloud hosting infrastructure providers
Meta Marketing API
WhatsApp Cloud API
Email delivery providers
Payment processors
Subprocessors are required to maintain appropriate security standards.
9. DATA SUBJECT RIGHTS
The Controller is responsible for handling data subject requests.
The Processor shall assist, where technically feasible, in responding to:
Access requests
Correction requests
Deletion requests
Consent withdrawal
10. DATA BREACH NOTIFICATION
In the event of a confirmed data breach affecting personal data, the Processor shall:
Notify the Controller without undue delay
Provide relevant information available
Cooperate in mitigation efforts
11. DATA DELETION
Upon account termination or written request:
Meta OAuth tokens are revoked
Client contact data is deleted
Delivery logs are purged according to retention policy
Organization data is permanently removed within 7 business days
12. INTERNATIONAL TRANSFERS
Data may be processed on secure cloud infrastructure which may operate in multiple regions.
The Processor ensures reasonable safeguards are in place for cross-border data transfers.
13. GOVERNING LAW
This DPA shall be governed by the laws of India.
Disputes shall be subject to jurisdiction of courts in Tamil Nadu, India.
14. CONTACT
For DPA-related inquiries:
Email: info@goupdigitalmarketingagency.com
Website: https://goupdigitalmarketingagency.com/