Data Processing Agreement

Effective date: January 1, 2025

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Linkrunner ("Processor", "we", "us") and the customer ("Controller", "you") who has agreed to the Terms of Service (the "Agreement").

This DPA applies to the extent that Linkrunner processes Personal Data on behalf of the Controller in the course of providing the Services under the Agreement.

2. Definitions

"Personal Data" means any information relating to an identified or identifiable natural person that is processed by Linkrunner on behalf of the Controller in connection with the Services.

"Processing" means any operation performed on Personal Data, including collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, or erasure.

"Sub-processor" means any third party engaged by Linkrunner to process Personal Data on behalf of the Controller.

3. Scope and Purpose of Processing

Linkrunner processes Personal Data solely for the purpose of providing the Services as described in the Agreement. This includes mobile attribution, deep link routing, analytics, and related measurement services.

The categories of Personal Data processed may include device identifiers (IDFA, GAID), IP addresses, user agent strings, app event data, and attribution metadata.

4. Obligations of the Processor

Linkrunner shall:

  • Process Personal Data only on documented instructions from the Controller, unless required by applicable law.
  • Ensure that persons authorized to process Personal Data have committed themselves to confidentiality.
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
  • Assist the Controller in responding to requests from data subjects exercising their rights under applicable data protection law.
  • Delete or return all Personal Data to the Controller after the end of the provision of Services, at the Controller's choice.
  • Make available to the Controller all information necessary to demonstrate compliance with this DPA.

5. Sub-processors

The Controller provides general authorization for Linkrunner to engage Sub-processors. Linkrunner shall inform the Controller of any intended changes concerning the addition or replacement of Sub-processors, giving the Controller the opportunity to object.

Linkrunner shall ensure that Sub-processors are bound by data protection obligations no less protective than those set out in this DPA.

6. Data Transfers

Linkrunner shall not transfer Personal Data to a country outside the European Economic Area unless appropriate safeguards are in place, as required by applicable data protection law.

7. Security

Linkrunner maintains SOC 2 Type II certification, ISO 27001 certification, and GDPR compliance. Technical measures include encryption at rest and in transit, access controls, regular security audits, and incident response procedures.

8. Data Breach Notification

Linkrunner shall notify the Controller without undue delay after becoming aware of a Personal Data breach. The notification shall include the nature of the breach, the categories and approximate number of data subjects affected, and the measures taken to address the breach.

9. Contact

For questions about this DPA, contact us at support@linkrunner.io.