Usherfly

Data Processing Agreement — Usherfly

Version 1.0 (Draft) · Last updated: May 19, 2026

This Data Processing Agreement template requires qualified legal counsel review before use in binding contracts. It is provided for informational purposes and as a structural basis for formal legal drafting.

Preamble

This DPA is entered into between the Data Controller (the organization that has accepted Usherfly's Terms of Service) and Usherfly (Data Processor). This DPA supplements and forms part of the Terms of Service. In the event of conflict, this DPA prevails with respect to data processing.

1. Definitions

Personal Data: Any information relating to an identified or identifiable natural person processed through the platform on behalf of the Customer. Applicable Data Protection Law: KVKK (Turkish Law No. 6698) and, where applicable, CCPA and equivalent laws in the Customer's jurisdiction.

2. Subject Matter and Duration

Usherfly processes Personal Data solely to provide the Usherfly platform services. This DPA remains in effect for the duration of the Customer's active subscription.

3. Nature and Purpose of Processing

Onboarding flow execution and management; onboardee progress tracking; document storage and retrieval; notification delivery; platform analytics (anonymized or pseudonymized); technical support and error resolution.

4. Types of Personal Data Processed

Identity and contact data (name, email); onboarding content (documents, form responses, e-signature data); behavioral and activity data (step completions, timestamps); communication data (notification delivery status).

5. Data Subject Categories

Onboardees; Organization Admins; Task Owners.

6. Customer Obligations (Controller)

The Customer agrees to ensure a lawful basis for each category of Personal Data processed; obtain necessary consents; ensure accuracy of Personal Data; notify Usherfly of Data Subject rights requests; and comply with Applicable Data Protection Law.

7. Usherfly's Obligations (Processor)

Process Personal Data only on documented Customer instructions; maintain confidentiality obligations; implement appropriate technical and organizational security measures; notify the Customer within 72 hours of a Personal Data breach; assist with Data Subject rights requests; cooperate with audits; delete or return Customer data upon termination.

8. Sub-Processors

Usherfly engages the sub-processors listed at Sub-Processor List. Usherfly will notify the Customer at least 30 days before adding or replacing a sub-processor. The Customer may object in writing within 14 days.

9. International Data Transfers

Personal Data is processed and stored in AWS eu-central-1 (Frankfurt, EU) (D-116). This data center meets GDPR-equivalent adequacy standards. Specific cross-border transfer mechanisms are subject to legal counsel review.

10. Deletion and Return of Data

Upon subscription expiration, Usherfly will make Customer Personal Data available for export for 30 days, then permanently delete all Customer Personal Data. Event log data in anonymized form (per D-024) may be retained for up to 3 years. Upon request, Usherfly will provide written confirmation of deletion.

11. Liability

Liability under this DPA is subject to the limitations in the Terms of Service. Each party is responsible for its own compliance with Applicable Data Protection Law. [Legal counsel review required for specific liability caps.]

12. Governing Law

This DPA is governed by the laws of the Republic of Turkey. Where the Customer is in another jurisdiction, an addendum reflecting local requirements may be appended. [Legal counsel review required for jurisdiction-specific addenda.]

13. Execution

This document is a structural template for a Data Processing Agreement between Usherfly and its Customers. It is currently being finalized pending qualified legal counsel review. It is not incorporated into the Terms of Service and does not constitute a binding agreement at account registration. Usherfly will execute a separate, counsel-reviewed DPA with any Customer who requests one, or upon completion of the counsel-ratification process. Until that time, this template is provided for transparency and planning purposes only.

Enterprise customers requiring a separately executed DPA may contact legal@usherfly.io.

Questions: legal@usherfly.io