Data Processing Agreement

1. Conclusion of Agreement

By creating an account on Stripdo, the user acting as a data controller (e.g. with respect to their customers' personal data) entrusts Tradeco Krzysztof Cichy, os. Tysiąclecia 71/51, 61-255 Poznań, Poland, NIP PL7822918532 ("Stripdo" / "Processor") with the processing of personal data under the terms set out in this agreement.

This agreement is concluded without the need for separate signatures — it takes effect upon acceptance of the checkbox during registration.

2. Scope of Processing

The Controller entrusts Stripdo with the processing of personal data of the Controller's customers for the purpose of providing the service — specifically, generating and delivering invoices based on Stripe transactions.

The data processed may include:

• First name, last name, email address
• Company name, address, NIP / VAT ID
• Payment and transaction data
• Any other data required for invoice generation

3. Obligations of Stripdo as Processor

Stripdo undertakes to:

• Process personal data solely in accordance with the Controller's instructions and exclusively for the purpose of providing the service
• Ensure confidentiality and provide appropriate training to persons authorised to access the data
• Implement appropriate technical and organisational security measures in accordance with Art. 32 of the GDPR
• Assist the Controller in fulfilling data subject rights requests (access, rectification, erasure, etc.)
• Notify the Controller without undue delay of any personal data breach
• Upon termination of the agreement, delete or return all personal data at the Controller's discretion

4. Sub-processors

The Controller grants general authorisation for Stripdo to engage the following sub-processors:

• Stripe, Inc. (USA) — payment processing
• Clerk, Inc. (USA) — authentication and user management
• Supabase, Inc. (USA) — database and backend infrastructure
• Vercel, Inc. (USA) — hosting and deployment
• Resend, Inc. (USA) — transactional email delivery
• DataFast (datafa.st) — privacy-friendly website analytics

If new sub-processors are added, Stripdo will notify the Controller in advance. The Controller may object within 14 days of being notified; if no objection is raised the change is deemed accepted.

5. International Data Transfers

The Controller consents to the transfer of personal data to third countries (e.g. the United States) in accordance with Art. 46 of the GDPR, using Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework, as applicable, to ensure an adequate level of data protection.

6. Duration

This agreement remains in effect for the entire duration of the user's account. Upon account deletion, all personal data will be permanently erased unless the Controller requests its return beforehand.

7. Liability

Stripdo is liable for processing personal data in compliance with the GDPR to the extent arising from its role as a Processor. Stripdo is not liable for actions taken by the user in their capacity as the Data Controller.

8. Contact

For any questions regarding this Data Processing Agreement, please contact us at hello@stripdo.com.