Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Controller") and The Sealey Company LLC ("AppReviewBot", "Processor", "we", "us") regarding the processing of Personal Data in connection with the AppReviewBot services.

1. Interpretation

In this DPA, the following terms shall have the meanings set out below:

  • "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • "Data Subject" means an identified or identifiable natural person whose Personal Data is processed by AppReviewBot under this DPA.
  • "Personal Data" means any information relating to an identified or identifiable natural person as defined by applicable Data Protection Laws.
  • "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data.
  • "Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • "Data Protection Laws" means all applicable laws and regulations relating to the processing of Personal Data including the EU General Data Protection Regulation 2016/679 ("GDPR"), the UK Data Protection Act 2018, and the California Consumer Privacy Act ("CCPA").

2. Relationship of the Parties

The parties acknowledge and agree that:

  • Controller is the Controller of Personal Data processed in connection with Controller's use of AppReviewBot's services.
  • AppReviewBot is the Processor of such Personal Data and will process Personal Data only on behalf of and in accordance with Controller's documented instructions.
  • Controller shall ensure that its instructions comply with Data Protection Laws.

3. Processing of Personal Data

3.1 Scope and Purpose

AppReviewBot will process Personal Data for the following purposes:

  • Providing app review monitoring and notification services
  • Delivering review alerts to designated communication platforms
  • Maintaining service functionality and support
  • Ensuring service security and preventing fraud

3.2 Categories of Personal Data

The Personal Data processed may include:

  • Contact information (names, email addresses)
  • Account credentials and authentication data
  • Usage and interaction data
  • Communication preferences
  • Payment and billing information (processed through Stripe)

3.3 Data Subjects

Data subjects may include Controller's employees, customers, and end users of Controller's applications.

4. Technical and Organizational Measures

AppReviewBot implements appropriate technical and organizational measures to ensure security of Personal Data, including:

  • Access Controls: Role-based access controls and authentication mechanisms
  • Encryption: Data encryption in transit and at rest using industry-standard protocols
  • System Security: Regular security updates, monitoring, and vulnerability assessments
  • Data Backup: Secure backup and recovery procedures
  • Staff Training: Regular privacy and security training for personnel

5. Subprocessors

AppReviewBot may engage the following categories of subprocessors:

  • Cloud infrastructure providers
  • Payment processing services (Stripe)
  • Analytics and monitoring services
  • Communication and collaboration platforms

AppReviewBot will ensure that any subprocessor is bound by data protection obligations equivalent to those set out in this DPA.

6. Data Subject Rights

AppReviewBot will assist Controller in fulfilling Data Subject rights requests, including:

  • Right of access to Personal Data
  • Right to rectification of inaccurate Personal Data
  • Right to erasure of Personal Data
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

7. Personal Data Breach

AppReviewBot will:

  • Notify Controller without undue delay after becoming aware of a Personal Data breach
  • Provide all available information about the breach
  • Cooperate with Controller in investigating and mitigating the breach
  • Implement measures to address the breach and prevent future occurrences

8. International Data Transfers

Where Personal Data is transferred outside the European Economic Area or the United Kingdom, AppReviewBot ensures appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Additional technical and organizational measures as required

9. Data Retention and Deletion

AppReviewBot will:

  • Process Personal Data only for the duration necessary to fulfill the purposes outlined in this DPA
  • Delete or return Personal Data upon termination of services, unless legally required to retain it
  • Provide confirmation of deletion upon Controller's request

10. Audits and Compliance

AppReviewBot will:

  • Maintain records of processing activities
  • Provide information necessary to demonstrate compliance with this DPA
  • Allow for and contribute to audits, including inspections, conducted by Controller or another auditor mandated by Controller

11. Contact Information

For any questions or concerns regarding this Data Processing Agreement, please contact:

The Sealey Company LLC
Attn: Data Protection Officer
11409 Municipal Center Dr.
Knoxville TN 37922-9997 Suite 22040
United States

Email: privacy[at]appreviewbot.com

12. Changes to this DPA

AppReviewBot may update this DPA from time to time to reflect changes in our practices or applicable laws. We will notify Controller of any material changes and obtain consent where required by applicable Data Protection Laws.

Your continued use of our website will be regarded as acceptance of our practices around data processing and personal information. If you have any questions about how we handle user data and personal information, feel free to contact us.

This Data Processing Agreement is effective as of July 14, 2025.