Data Processing Agreement (DPA)
Part of the contractual framework between moodcase llc and its customers, detailing how personal data is processed and protected.
May 1, 2025
1. Parties
Controller
The customer (e.g. photographer, agency, or studio) using the moodcase platform.
Processor
moodcase llc
Käsereistrasse 14
9305 Berg SG, Switzerland
privacy@moodcase.io
This agreement is part of the contractual relationship between the customer and moodcase GmbH and governs the processing of personal data within the SaaS platform moodcase (https://app.moodcase.io).
2. Subject and Duration
This agreement defines the rights and obligations regarding the processing of personal data under Art. 28 GDPR and Art. 9 nFADP.
Purpose: Use of the moodcase platform to manage, edit, and share visual content and related project data
Duration: Valid for the duration of the customer’s account or until data deletion
3. Nature and Scope of Data
Data processed may include
Uploaded media files (e.g., images, videos)
Names and email addresses of team members or end clients
Project-related metadata (e.g., tags, filenames, notes)
Communication history via Intercom support
Data subjects may include:
Customer's team members
End clients or third parties related to customer projects
4. Rights and Responsibilities
Controller (Customer)
Ensures lawful basis for all processed data
May issue instructions regarding the scope and method of processing
Processor (moodcase GmbH)
Processes data solely within the scope of this agreement and the main contract
Implements appropriate technical and organizational measures (see Annex)
Assists the Controller in fulfilling data subject rights (access, rectification, deletion)
Notifies the Controller of any data breaches or legal violations
5. Subprocessors
The following subprocessors are used
Service | Provider | Location |
|---|---|---|
Hosting | DigitalOcean LLC | EU (Amsterdam |
Payments | Stripe Payments Europe Ltd. | Ireland / USA |
Product Analytics | Segment.io (Twilio) | USA |
Customer Support | Intercom R&D Unlimited Company | Ireland |
Feedback Widget | Sleekplan GmbH | Germany |
Affiliate Tracking | Fera Commerce Inc. (Tolt) | Canada |
Storage (Cloud) | Wasabi Technologies Inc. | USA |
CDN / Video Delivery | BunnyWay d.o.o. | Slovenia |
Realtime Framework | Pusher Ltd. | UK |
Infrastructure (Subservices) | Amazon Web Services EMEA SARL | Luxembourg |
The Controller authorizes the use of these subprocessors. moodcase GmbH ensures all subprocessors comply with Art. 28 GDPR and equivalent nFADP obligations.
6. Data Deletion
After termination of the contract or upon request, all personal data shall be deleted or returned, unless legal retention periods apply. moodcase deletes inactive accounts and related data automatically after 180 days of inactivity.
7. Data Transfers
If data is transferred to countries outside the EU/EEA or Switzerland, moodcase ensures appropriate safeguards (e.g., Standard Contractual Clauses) are in place with all relevant subprocessors.
8. Final Provisions
This agreement is valid upon acceptance of moodcase’s Terms of Service
In case of conflict, this agreement shall take precedence over general terms
Jurisdiction: St. Gallen, Switzerland
Annex: Technical & Organisational Measures
Encrypted data transmission (TLS/SSL)
Encrypted data storage at rest (where applicable)
Role-based access control, 2FA
Logging and monitoring of access
Regular security updates and backups
Logical separation of customer data
Access to production systems limited to essential personnel
Ongoing staff training on data protection
This agreement does not require a separate signature and becomes effective upon acceptance of the Terms of Service.