Company Mobile Logo

Data Processing Addendum (DPA)

This Data Processing Addendum (“DPA”) forms part of the agreement between the customer (“Controller”, “you”) and Niche Designature LLC d/b/a Depo Amerika (“Processor”, “Depo Amerika”, “we”, “us”).

1. Definitions

  • "Agreement" means the main service agreement or terms under which you use the Depo Amerika platform.
  • "Controller" means the business that determines the purposes and means of processing Personal Data (you, the merchant or client).
  • "Processor" means the entity that processes Personal Data on behalf of the Controller (Depo Amerika).
  • "Personal Data" means any information relating to an identified or identifiable natural person, including end customers and recipients of shipments.
  • "End Customer Data" means Personal Data relating to your buyers, recipients, or users, transmitted to Depo Amerika through connected channels or systems.
  • "Data Protection Laws" means applicable U.S. federal and state privacy laws (including CCPA/CPRA) and, where relevant, the EU/UK GDPR.

2. Role of the Parties

  • For End Customer Data and shipment-related information, you act as the Controller and Depo Amerika acts as your Processor.
  • For Depo Amerika’s own website analytics, account-level information, and internal business records, Depo Amerika acts as an independent controller as described in our Privacy Policy.

3. Subject Matter, Nature, and Purpose of Processing

Depo Amerika processes Personal Data solely to provide fulfillment and shipping-related services under the Agreement, including but not limited to:

  • Receiving order and shipment data from your systems and sales channels.
  • Supporting barcode-based operational workflows and operator actions.
  • Generating and managing shipping labels and carrier selections.
  • Logging operational events (scans, status changes, retries) for traceability and support.
  • Syncing shipment and tracking data back to your connected channels.

4. Types of Data and Data Subjects

Depo Amerika may process the following types of Personal Data on your behalf:

  • End Customer / Recipient Data: Name, shipping address, phone number, email (if provided), order identifiers.
  • Account & Operator Data: Names or identifiers of your staff, user IDs, login activity, operational logs.
  • Channel & Integration Data: Store identifiers, marketplace account identifiers, API tokens and configuration details.

Data subjects may include your customers, recipients, employees, contractors, or other individuals whose data you provide to Depo Amerika.

5. Channels and Integrations

You may connect various sales and order sources to Depo Amerika, including but not limited to: e-commerce platforms (such as Shopify, Etsy, Amazon), your own custom website or store, other marketplaces, and custom integrations via API. Depo Amerika processes Personal Data received from these channels only in accordance with your documented instructions.

6. Controller Instructions

  • Depo Amerika will process Personal Data only on your documented instructions, as set out in the Agreement, this DPA, and any configuration you perform in the platform (e.g., enabled integrations, automation rules).
  • If Depo Amerika is required by law to process Personal Data beyond your instructions, we will inform you of that legal requirement, unless prohibited by law.

7. Processor Obligations

Depo Amerika shall:

  • Implement appropriate technical and organizational measures to protect Personal Data.
  • Ensure that personnel authorized to process Personal Data are bound by confidentiality obligations.
  • Process Personal Data only for the purposes of providing the services, supporting your operations, and complying with applicable law.
  • Notify you without undue delay upon becoming aware of a data breach involving Personal Data we process on your behalf.
  • Assist you, where reasonably possible, in responding to data subject requests and regulatory inquiries.

8. Sub-processors

  • You authorize Depo Amerika to engage sub-processors (such as hosting providers, infrastructure vendors, logging and monitoring tools, email service providers, and payment processors) to support the services.
  • Depo Amerika will ensure that any sub-processor is bound by written obligations that provide at least the same level of data protection as this DPA.
  • Upon request, we will make available a description of our core sub-processor categories or list of material sub-processors.

9. International Data Transfers

Depo Amerika may process and store Personal Data in the United States and in other jurisdictions where our sub-processors operate. Where Data Protection Laws require additional safeguards (for example, under GDPR), the parties agree to implement appropriate transfer mechanisms such as standard contractual clauses or equivalent measures, as applicable.

10. Security

Depo Amerika maintains administrative, technical, and physical safeguards designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures may include:

  • Access controls and role-based permissions.
  • Encryption in transit and secure network architecture.
  • Logging and monitoring of operational activity.
  • Regular backups and business continuity procedures.
  • Vendor due diligence for key infrastructure and service providers.

11. Data Subject Requests

  • If Depo Amerika receives a request from an individual regarding their Personal Data (such as access, correction, deletion, or objection), we will direct the requester to you, unless we are legally required to respond directly.
  • Depo Amerika will provide reasonable assistance to you, where technically feasible, in fulfilling data subject requests under applicable Data Protection Laws.

12. Data Breach Notification

In the event of a confirmed Personal Data breach affecting data processed on your behalf, Depo Amerika will:

  • Notify you without undue delay after becoming aware of the breach.
  • Provide available information about the nature of the incident and affected data.
  • Cooperate with you in taking reasonable steps to investigate, mitigate, and remediate the incident.

13. Return and Deletion of Data

  • Upon termination or expiration of the Agreement, or upon your written request, Depo Amerika will delete or return Personal Data processed on your behalf, unless retention is required by law.
  • Aggregated or anonymized data that does not identify an individual may be retained by Depo Amerika for legitimate business purposes, provided it is no longer Personal Data.

14. Audit and Compliance

  • Upon reasonable written request, Depo Amerika will make available information necessary to demonstrate compliance with this DPA.
  • To the extent required by applicable law, and subject to reasonable confidentiality and security controls, you may conduct or commission audits related to Depo Amerika’s data processing practices as they relate to services provided to you.

15. Relationship to the Main Agreement

  • This DPA forms part of, and is subject to, the terms and limitations of the Agreement between you and Depo Amerika.
  • In the event of a conflict between this DPA and the Agreement regarding data protection, this DPA will control to the extent of the conflict.

16. Contact Information

For questions regarding this DPA or our processing of Personal Data, please contact:
info@depoamerika.com

Last Updated: 2025