Trepy

Trepy Data Processing Addendum

Type at least 2 characters to see Treps, or press Search to open Trepy sign-in.

Contact

This Data Processing Addendum (“DPA”) supplements the:

  • Trepy Terms of Service
  • Trepy Privacy Policy
  • Trepy Creator / Trep Agreement
  • Trepy Organizer Agreement
  • Trepy Platform Seller Agreement
  • Trepy SMS / Messaging Terms
  • and other applicable agreements governing use of Trepy’s services (collectively, the “Agreement”).

This DPA applies where Trepy processes personal data on behalf of certain business customers, organizations, Treps, organizers, sellers, or other commercial users (“Customer”) in connection with Trepy’s services.

This DPA is intended to address certain data protection obligations that may apply under privacy and data protection laws including, where applicable:

  • the General Data Protection Regulation (“GDPR”);
  • the UK GDPR;
  • applicable European Economic Area (“EEA”) privacy laws;
  • and similar data protection frameworks.

This DPA applies only to the extent required by applicable law.

NOTE: THIS AGREEMENT CONTAINS ARBITRATION, INDEMNIFICATION, AND CLASS ACTION WAIVER CLAUSES

RECITALS

This Agreement incorporates the following additional agreements and policies:

Terms of Service | Privacy Policy | Cookie Policy | Accessibility Statement | Trust & Safety Transparency Policy | SMS Terms / Messaging Terms | Subscription Billing & Cancellation Policy | Acceptable Use Policy | Community Standards / Content Policy | Account Termination & Repeat Violator Policy | Refund / Ticketing Policy | Terms for Paid Livestream Access | Event Cancellation / Force Majeure Policy | Creator / Trep Agreement | Organizer Agreement | Platform Seller Agreement | Platform Verification & Identity Verification Policy | DMCA / Intellectual Property Policy | Intellectual Property Policy | Copyright / DMCA Notice Submission Procedure Page | California Privacy Addendum | Data Processing Addendum (DPA / GDPR Scaling) | Security & Responsible Disclosure Policy | Payment Dispute / Chargeback Policy | Law Enforcement Request Policy.

By Agreeing to this Agreement, you are agreeing to all of the forgoing policies and terms.

1. DEFINITIONS

For purposes of this DPA:

  • “Controller” means the entity determining the purposes and means of processing personal data.
  • “Processor” means the entity processing personal data on behalf of a Controller.
  • “Personal Data” means information relating to an identified or identifiable natural person to the extent regulated by applicable law.
  • “Processing” means operations performed on personal data.
  • “Subprocessor” means a third party engaged by Trepy to process personal data.
  • “Data Protection Laws” means applicable privacy and data protection laws.

Capitalized terms not defined here have meanings assigned in the applicable Agreement.

2. RELATIONSHIP OF THE PARTIES

To the extent applicable under Data Protection Laws:

  • Customer acts as the Controller or business responsible for determining processing purposes;
  • Trepy acts as a Processor or service provider processing personal data on Customer’s behalf for purposes of providing the Services.

Nothing in this DPA limits Trepy’s ability to process data where Trepy independently acts as a Controller or business under applicable law, including for:

  • account administration;
  • fraud prevention;
  • security;
  • legal compliance;
  • billing;
  • platform integrity;
  • analytics;
  • operational monitoring;
  • infrastructure protection;
  • lawful internal business operations.

3. NATURE AND PURPOSE OF PROCESSING

Trepy may process personal data for purposes including:

  • account management;
  • organizational management;
  • communications;
  • event management;
  • livestream access;
  • ticketing;
  • audience engagement;
  • customer support;
  • payment workflows;
  • reporting;
  • notifications;
  • security;
  • fraud prevention;
  • operational monitoring;
  • platform functionality.

Processing activities may vary depending on:

  • Customer configurations;
  • organizational settings;
  • features used;
  • integrations enabled;
  • communications workflows;
  • livestream functionality;
  • event operations.

4. TYPES OF PERSONAL DATA

Depending on platform usage, Trepy may process categories of personal data including:

  • identifiers;
  • contact information;
  • account credentials;
  • communications preferences;
  • transactional information;
  • event participation information;
  • livestream interaction information;
  • device information;
  • internet activity information;
  • organizational information;
  • support communications;
  • user-generated content;
  • payment-related metadata;
  • analytics data.

Trepy does not require Customers to submit special categories of personal data unless expressly authorized through supported platform functionality.

Customers remain responsible for determining what data they upload or process through the Services.

5. CUSTOMER INSTRUCTIONS

Trepy shall process personal data:

  • to provide the Services;
  • pursuant to Customer instructions;
  • pursuant to configurations selected by Customer;
  • as otherwise permitted by the Agreement;
  • as required by applicable law.

Customer instructs Trepy to process personal data as reasonably necessary to provide, secure, maintain, support, and improve the Services.

Trepy reserves the right to refuse instructions that:

  • violate applicable law;
  • create security risks;
  • exceed platform capabilities;
  • conflict with operational integrity;
  • conflict with the Agreement.

6. CUSTOMER RESPONSIBILITIES

Customer is solely responsible for:

  • determining lawful processing purposes;
  • obtaining required consents;
  • providing legally required notices;
  • establishing lawful bases for processing;
  • responding to data subject requests where applicable;
  • ensuring uploaded data complies with applicable laws;
  • configuring platform settings appropriately.

Customer represents and warrants that it possesses all necessary rights and legal authority relating to personal data processed through the Services.

Trepy does not provide legal advice regarding Customer compliance obligations.

7. TREPY SECURITY MEASURES

Trepy implements commercially reasonable administrative, technical, and organizational measures intended to help protect personal data against unauthorized access, loss, misuse, or disclosure.

Such measures may include:

  • access controls;
  • authentication systems;
  • encryption technologies;
  • operational monitoring;
  • logging systems;
  • infrastructure protections;
  • fraud-prevention systems;
  • internal access restrictions.

Security measures evolve over time and may change based on:

  • operational requirements;
  • technical developments;
  • threat environments;
  • infrastructure changes;
  • platform functionality.

Trepy does not guarantee that security measures will prevent all incidents or unauthorized activity.

8. PERSONNEL ACCESS

Trepy shall take commercially reasonable steps intended to limit personnel access to personal data to individuals with operational or business needs relating to:

  • platform support;
  • customer support;
  • infrastructure operations;
  • security;
  • fraud prevention;
  • engineering;
  • legal compliance.

Personnel with access to personal data may be subject to confidentiality obligations where reasonably appropriate.

9. SUBPROCESSORS

Customer acknowledges and agrees that Trepy may engage Subprocessors to support the Services.

Subprocessors may include providers relating to:

  • hosting infrastructure;
  • payment processing;
  • communications;
  • livestream infrastructure;
  • analytics;
  • support systems;
  • cloud infrastructure.

Relevant providers may include:

  • Stripe Privacy Policy
  • Twilio Privacy Notice
  • Mux Terms of Service

Trepy may add, remove, or replace Subprocessors at its discretion.

Trepy shall take commercially reasonable steps intended to require Subprocessors to provide protections reasonably appropriate for the services performed.

10. INTERNATIONAL DATA TRANSFERS

Trepy and its providers may process personal data in jurisdictions outside the EEA, UK, or Customer’s jurisdiction.

Customer authorizes Trepy to transfer personal data internationally where reasonably necessary to provide the Services.

Where required by applicable law, Trepy may rely on transfer mechanisms including:

  • Standard Contractual Clauses;
  • adequacy decisions;
  • derogations;
  • other lawful transfer mechanisms.

Trepy does not guarantee that all jurisdictions provide equivalent legal protections.

11. DATA SUBJECT REQUESTS

Where applicable and reasonably feasible, Trepy may provide functionality intended to assist Customers in responding to certain data subject requests.

Trepy may also provide reasonable cooperation where:

  • technically feasible;
  • operationally reasonable;
  • legally permitted.

Trepy reserves the right to:

  • redirect requests to Customer;
  • deny requests where legally permitted;
  • require verification;
  • limit responses where operationally necessary.

Customers remain primarily responsible for responding to requests relating to Customer-controlled processing.

12. SECURITY INCIDENTS

Trepy may notify Customers of confirmed security incidents involving Customer personal data where:

  • reasonably required by applicable law;
  • operationally feasible;
  • legally permitted.

Notification timing may depend on:

  • incident severity;
  • verification processes;
  • operational considerations;
  • legal restrictions;
  • law enforcement considerations.

Trepy does not guarantee immediate notification of all incidents.

Trepy reserves the right to investigate and remediate incidents before disclosure where reasonably necessary.

13. RETENTION AND DELETION

Trepy may retain personal data for periods reasonably necessary to:

  • provide the Services;
  • maintain platform integrity;
  • comply with legal obligations;
  • prevent fraud;
  • preserve operational records;
  • resolve disputes;
  • maintain backups;
  • enforce agreements.

Deletion may not occur immediately following:

  • account closure;
  • service termination;
  • deletion requests.

Archived systems, backups, logs, fraud-prevention systems, and legal records may retain information for reasonable periods.

Trepy reserves the right to retain information where permitted or required by law.

14. AUDITS AND INFORMATION REQUESTS

To the extent required by applicable law and subject to reasonable confidentiality protections, Trepy may provide limited information regarding its privacy and security practices where:

  • operationally feasible;
  • legally permissible;
  • reasonably necessary.

Trepy reserves the right to:

  • restrict audit scope;
  • require confidentiality agreements;
  • deny intrusive access requests;
  • refuse requests that create security or operational risks.

Trepy is not required to disclose:

  • proprietary systems;
  • confidential infrastructure details;
  • internal security methodologies;
  • information creating unreasonable security risks.

15. NO GUARANTEE OF LEGAL COMPLIANCE

Data protection laws evolve and may be interpreted differently across jurisdictions.

Trepy does not guarantee that use of the Services will automatically satisfy Customer’s legal obligations under all laws or jurisdictions.

Customers remain solely responsible for:

  • determining legal applicability;
  • evaluating compliance obligations;
  • implementing appropriate policies;
  • obtaining legal advice where necessary.

Nothing in this DPA constitutes legal advice.

16. DISCLAIMERS

THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE.”

Trepy does not guarantee:

  • uninterrupted availability;
  • uninterrupted processing;
  • uninterrupted security;
  • universal legal compliance;
  • compatibility with all regulatory frameworks;
  • prevention of all unauthorized access.

Trepy reserves the right to:

  • modify infrastructure;
  • update processing practices;
  • modify security measures;
  • change operational procedures;
  • change Subprocessors.

17. LIMITATION OF LIABILITY

To the maximum extent permitted by law, the liability limitations contained in the applicable Agreement apply to this DPA.

Trepy shall not be liable for:

  • indirect damages;
  • incidental damages;
  • consequential damages;
  • regulatory penalties imposed on Customer;
  • Customer compliance failures;
  • third-party provider actions;
  • infrastructure failures beyond reasonable control;
  • unauthorized acts of third parties.

Certain jurisdictions may not allow some limitations.

18. ARBITRATION AND CLASS ACTION WAIVER

This DPA is subject to the arbitration and class action waiver provisions contained in the applicable Agreement and the Trepy Terms of Service.

Disputes relating to personal data, privacy, processing activities, or data protection obligations shall be resolved through binding individual arbitration governed by the Federal Arbitration Act where legally enforceable.

Users waive participation in:

  • class actions;
  • representative proceedings;
  • collective proceedings;
  • consolidated claims.

19. ORDER OF PRECEDENCE

If this DPA conflicts with another applicable Agreement solely regarding data protection obligations, this DPA controls to the extent required by applicable Data Protection Laws.

Otherwise, the applicable Agreement controls.

20. MODIFICATIONS TO THIS DPA

Trepy may update this DPA from time to time.

Updated versions may be posted through the platform.

Continued use of the Services after updates may constitute acceptance of revised terms.

21. CONTACT INFORMATION

Trepy

Website:

  • Trepy Website

Application:

  • Trepy App

Additional privacy-related contact methods may be provided through the platform.

Questions about our Data Processing Addendum?

Use our Contact Form to reach out to us.

ContactTerms
Data Processing Addendum | Trepy