Data Processing Agreement

1. Purpose and Scope

This Data Processing Agreement ("DPA") describes how OneFoundr processes personal data in connection with the Service. This DPA applies to all users of the Service, including registered users and anonymous public users.

2. Data Controller and Processor

OneFoundr acts as both the Data Controller and Data Processor for personal data collected through the Service. We are responsible for ensuring compliance with applicable data protection laws and regulations.

3. Types of Personal Data Processed

3.1 Registered Users

For registered users, we process the following minimal personal data:

• Playground ID: Technical identifier for playground management
• Email Address: Used for account authentication and communication
• Name: Display name provided during registration

3.2 Anonymous Public Users

For anonymous public users:

• No personal data is processed
• No personal data is stored
• Users are 100% anonymous
• No personal identifiers are collected or retained

4. Legal Basis for Processing

We process personal data based on the following legal grounds:

• Consent: By registering for an account, you consent to the processing of your personal data
• Contractual Necessity: Processing is necessary to provide the Service you have requested
• Legitimate Interest: Processing is necessary for the operation and security of the Service

5. Purpose of Processing

Personal data is processed solely for the following purposes:

• Providing and maintaining the Service
• Authenticating user accounts
• Associating playgrounds with user accounts
• Ensuring the security and integrity of the Service
• Complying with legal obligations

6. Data Minimization

We adhere to the principle of data minimization. We only collect and process the minimum amount of personal data necessary to provide the Service. We do not collect or process any personal data beyond what is explicitly stated in this agreement.

7. Data Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

• Encryption of data in transit
• Secure storage of data at rest
• Access controls and authentication mechanisms
• Regular security assessments
• Incident response procedures

8. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes outlined in this DPA. When personal data is no longer needed, it is securely deleted or anonymized. Registered users may request deletion of their personal data at any time by deleting their account.

9. Data Subject Rights

Registered users have the following rights regarding their personal data:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we process your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us through the Service.

10. Third-Party Processing

We do not share personal data with third parties. We do not use third-party processors for personal data. All data processing is performed directly by OneFoundr.

11. International Data Transfers

Personal data may be stored and processed in locations outside your country of residence. We ensure that appropriate safeguards are in place to protect your personal data in accordance with applicable data protection laws.

12. Data Breach Notification

In the event of a personal data breach that may result in a risk to your rights and freedoms, we will notify you and relevant supervisory authorities in accordance with applicable data protection laws.

13. Compliance

We are committed to complying with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy regulations.

14. Changes to This Agreement

We may update this Data Processing Agreement from time to time. We will notify you of any material changes by updating the "Last Updated" date. Your continued use of the Service after such modifications constitutes acceptance of the updated agreement.

15. Contact Information

If you have any questions about this Data Processing Agreement or wish to exercise your rights, please contact us through the Service.