Chikoh

Data Processing Agreement (DPA)

Last updated: January 15, 2025

This Data Processing Agreement ("DPA") forms part of the Master Service Agreement or Terms of Service ("Principal Agreement") between Sidekick Intelligence LLC (DBA Chikoh) ("Processor") and the customer ("Controller") for the purchase of services from Processor.

1. Definitions

In this DPA, the following terms shall have the meanings set out below:

  • "Data Controller" means the entity which determines the purposes and means of the Processing of Personal Data.
  • "Data Processor" means the entity which Processes Personal Data on behalf of the Data Controller.
  • "Data Subject" means the identified or identifiable person to whom Personal Data relates.
  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on Personal Data.
  • "GDPR" means Regulation (EU) 2016/679 (General Data Protection Regulation).
  • "Data Protection Laws" means all applicable data protection and privacy laws including GDPR.

2. Details of Data Processing

2.1 Scope

The Processor will Process Personal Data on behalf of the Controller in accordance with the terms of this DPA and the Principal Agreement.

2.2 Categories of Data Subjects

  • Controller's employees and contractors
  • Controller's customers and end users
  • Controller's business partners
  • Any other individuals whose Personal Data is provided to Processor

2.3 Types of Personal Data

  • Contact information (names, email addresses, phone numbers)
  • Account information (usernames, user IDs)
  • Usage data and analytics
  • Fantasy sports league data
  • Entertainment preferences and predictions
  • Any other data provided in connection with the services

2.4 Processing Activities

The Personal Data will be subject to the following Processing activities:

  • Storage and hosting
  • Data analysis and reporting
  • Providing AI-powered recommendations
  • Customer support
  • Service improvement and development

3. Processor Obligations

The Processor shall:

  • Process Personal Data only on documented instructions from the Controller
  • Ensure that persons authorized to Process Personal Data have committed to confidentiality
  • Implement appropriate technical and organizational measures to ensure security
  • Not engage another processor without prior written authorization from the Controller
  • Assist the Controller in responding to Data Subject requests
  • Assist the Controller in ensuring compliance with Articles 32-36 of GDPR
  • Delete or return all Personal Data after the end of service provision
  • Make available all information necessary to demonstrate compliance

4. Security Measures

The Processor shall implement appropriate technical and organizational measures including:

  • Encryption of Personal Data in transit and at rest
  • Regular security assessments and testing
  • Access controls and authentication measures
  • Regular backups and disaster recovery procedures
  • Employee training on data protection
  • Incident detection and response procedures

5. Sub-processors

The Controller authorizes the Processor to engage the following sub-processors:

  • Supabase (authentication and database services)
  • Railway (hosting and infrastructure)
  • Stripe/PayPal (payment processing)

The Processor shall notify the Controller of any intended changes concerning the addition or replacement of sub-processors, giving the Controller the opportunity to object.

6. Data Subject Rights

The Processor shall promptly notify the Controller if it receives a request from a Data Subject to exercise any rights under Data Protection Laws. The Processor shall not respond to such requests directly without the Controller's prior written consent.

7. Data Breach Notification

The Processor shall notify the Controller without undue delay and in any event within 48 hours after becoming aware of a Personal Data breach affecting the Controller's Personal Data.

8. International Transfers

The Processor shall not transfer Personal Data outside the EEA unless it has the prior written consent of the Controller and appropriate safeguards are in place.

9. Audits

The Processor shall make available to the Controller all information necessary to demonstrate compliance with this DPA and allow for audits, including inspections, by the Controller or an auditor mandated by the Controller.

10. Liability and Indemnity

Each party's liability arising out of or related to this DPA shall be subject to the limitations of liability provisions in the Principal Agreement.

11. Term and Termination

This DPA shall remain in effect as long as the Processor Processes Personal Data on behalf of the Controller under the Principal Agreement.

12. Contact Information

For DPA-related inquiries and notifications:

  • Email: support@mail.chikoh.com
  • Mail: Sidekick Intelligence LLC, 1021 E Lincolnway, Ste 8412, Cheyenne, WY 82001