DPA summary

Processing roles, subprocessor categories, and security posture.

This page is an operational summary, not a signed legal addendum. Use it to understand how ACP frames controller and processor roles, then confirm contractual terms through the formal agreement process.

Controller: Merchant or store owner.

Processor: Bear Software.

Purpose: Feed audits, catalog quality analysis, optimization workflows, reporting, billing, and support for merchant-owned product data.

Security measures

TLS is used for application and API traffic.
Secrets and provider credentials are stored using encrypted handling patterns within the application.
Store-level isolation is used so merchant data stays scoped to the correct account.

Subprocessor categories

Infrastructure and data storage providers
Billing and subscription providers
Email and support delivery providers
AI model providers, but only for workflows the merchant chooses to enable

Legal review recommended before publishing signed DPA terms, regional transfer language, or a named subprocessor schedule.