Legal

Policies & agreements.

The terms, privacy practices, and notices that govern your use of Avenrow Labs products and services. Select a document to read the current version in full.

Last revised: June 4, 2026

Data Processing

This Data Processing Addendum ("DPA") applies to the extent Avenrow Labs, LLC ("Avenrow Labs", "Company", "we", "us", or "our") processes Customer Personal Data on behalf of a customer as a processor, service provider, or equivalent role under applicable data protection laws in connection with the Services.

This DPA supplements the Avenrow Labs Terms of Use, Privacy Policy, product-specific terms, and any applicable order terms. If there is a conflict between this DPA and the Terms of Use regarding processing of Customer Personal Data, this DPA controls for that processing.

1. DEFINITIONS

"Customer" means the person or entity that uses the Services and determines the purposes and means of processing Customer Personal Data.

"Customer Personal Data" means personal information, personal data, or similar regulated information submitted to the Services by or on behalf of Customer and processed by Avenrow Labs on Customer's behalf.

"Data Protection Laws" means applicable privacy and data protection laws governing the processing of Customer Personal Data.

"Subprocessor" means a third party engaged by Avenrow Labs to process Customer Personal Data on behalf of Avenrow Labs in connection with the Services.

2. ROLES

For Customer Personal Data, Customer is the controller, business, or equivalent role, and Avenrow Labs is the processor, service provider, or equivalent role, except where applicable law or product-specific terms provide otherwise.

3. PROCESSING INSTRUCTIONS

Avenrow Labs will process Customer Personal Data only to provide, maintain, secure, support, and improve the Services; comply with Customer's documented instructions; comply with law; enforce agreements; prevent abuse; and as otherwise described in the Terms of Use, Privacy Policy, product-specific terms, or this DPA.

Customer instructs Avenrow Labs to process Customer Personal Data as necessary to provide the Services and as otherwise described in this DPA.

4. CUSTOMER RESPONSIBILITIES

Customer is responsible for:

  • (a) providing legally adequate notices and obtaining legally required consents;
  • (b) ensuring Customer has the right to submit Customer Personal Data to the Services;
  • (c) ensuring Customer Personal Data is accurate, lawful, and appropriate for the applicable Service;
  • (d) using the Services in compliance with Data Protection Laws;
  • (e) responding to data subject requests where Customer is responsible for doing so; and
  • (f) not submitting sensitive or regulated data unless the applicable Service is intended for that data and Customer has satisfied all legal requirements.

5. CONFIDENTIALITY

Avenrow Labs will ensure that persons authorized to process Customer Personal Data are subject to appropriate confidentiality obligations.

6. SECURITY

Avenrow Labs will implement and maintain reasonable administrative, technical, and organizational safeguards designed to protect Customer Personal Data against unauthorized access, loss, misuse, alteration, and disclosure. Security measures may include access controls, authentication, encryption where appropriate, logging, backup practices, vendor review, and abuse prevention measures.

7. SUBPROCESSORS

Customer authorizes Avenrow Labs to use Subprocessors to provide the Services. Avenrow Labs will impose contractual obligations on Subprocessors that are designed to protect Customer Personal Data in a manner consistent with this DPA.

Subprocessors may include hosting, infrastructure, security, payment, email, storage, AI, analytics, customer support, fulfillment, and other service providers used to provide the Services. Current categories and representative providers are listed in Schedule 3.

8. DATA SUBJECT REQUESTS

If Avenrow Labs receives a request from an individual relating to Customer Personal Data, Avenrow Labs may direct the individual to Customer unless legally required to respond directly. Taking into account the nature of the processing, Avenrow Labs will provide reasonable assistance to Customer in responding to data subject requests where required by Data Protection Laws.

9. PERSONAL DATA BREACHES

Avenrow Labs will notify Customer without undue delay after becoming aware of a confirmed breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data, where required by Data Protection Laws. Customer is responsible for determining whether notice to individuals, regulators, or others is required.

10. RETURN OR DELETION

Upon termination of the Services or upon Customer's reasonable request, Avenrow Labs will delete or return Customer Personal Data in accordance with applicable product functionality, retention practices, legal obligations, backup practices, and operational requirements.

11. AUDIT AND INFORMATION

Upon reasonable request, Avenrow Labs will provide information reasonably necessary to demonstrate compliance with this DPA, subject to confidentiality, security, legal, and operational limitations. On-site audits are not required unless expressly agreed in a separate written agreement.

12. INTERNATIONAL TRANSFERS

Customer Personal Data may be processed in the United States and other jurisdictions where Avenrow Labs or its Subprocessors operate. Where required by Data Protection Laws, the parties will use appropriate transfer mechanisms, such as standard contractual clauses or other legally recognized mechanisms.

13. SCHEDULE 1: DETAILS OF PROCESSING

Subject Matter: Provision of the Services, including digital software products, account access, generated outputs, support, billing, security, and related operations.

Duration: For the term of Customer's use of the Services and thereafter as necessary for legal, security, backup, dispute, and business record purposes.

Nature and Purpose: Hosting, storage, transmission, analysis, generation, formatting, transformation, support, billing, security, troubleshooting, product operation, and abuse prevention.

Categories of Data Subjects: Customer users, account administrators, end users, contacts, support requesters, payment contacts, and individuals whose information is submitted to the Services by Customer.

Categories of Personal Data: Names, email addresses, account identifiers, billing information, usage data, device data, support communications, User Content, generated outputs, and other information submitted to or processed through the Services.

Sensitive Data: The Services are not intended for sensitive or special-category data unless product-specific terms expressly state otherwise.

14. SCHEDULE 2: SECURITY MEASURES

Avenrow Labs may use measures such as account authentication, role-based access, least-privilege access, secure hosting providers, transport encryption where appropriate, logging and monitoring, backup practices, vulnerability management, vendor management, incident response procedures, and administrative controls.

15. SCHEDULE 3: SUBPROCESSOR CATEGORIES AND REPRESENTATIVE PROVIDERS

Avenrow Labs may use the following categories of Subprocessors and service providers:

  • (a) Hosting, DNS, network security, CDN, edge computing, and web infrastructure providers, including Cloudflare.
  • (b) Email, business productivity, account administration, and communications providers, including Google Workspace.
  • (c) Payment processing, subscription, billing, invoice, fraud-prevention, and tax-related providers, including Stripe.
  • (d) AI, machine learning, speech, audio, document processing, model, and compute providers used by applicable Products.
  • (e) Storage, database, logging, monitoring, analytics, error tracking, support, and operational tooling providers used by applicable Products.
  • (f) Shipping, printing, fulfillment, and carrier providers when a Product offers physical delivery or fulfillment.

16. CONTACT

Questions about this DPA may be sent to legal@avenrowlabs.com.