UmbaCart UmbaCart

Data Processing Addendum (DPA)

  • Home
  • Data Processing Addendum (DPA)

Effective Date: November 08, 2025

Last Updated: November 08, 2025


1. Acceptance

By accessing or using UmbaCart’s platform, users agree to this Data Processing Addendum (DPA), which supplements the main Terms and Conditions and Privacy Policy.

If you do not agree, you must immediately discontinue use of UmbaCart.

Risk Protection:

This ensures enforceability — users’ continued usage = automatic acceptance, limiting UmbaCart’s exposure to post-agreement disputes.


2. Eligibility

Users must be 18 years or older (or the legal age of majority in their jurisdiction) and have the authority to enter into binding legal contracts on behalf of their organization.

Risk Protection:

Prevents minors or unauthorized agents from creating accounts that could legally invalidate agreements.


3. Account Security

Users are fully responsible for securing account credentials, preventing unauthorized access, and maintaining updated account details.

UmbaCart reserves the right to suspend or terminate accounts involved in fraud, misuse, or non-compliance with this DPA.

Risk Factor: Unauthorized access leading to data leaks.

Risk Mitigation: UmbaCart limits liability by defining account security as the user’s responsibility.


4. Services Overview

UmbaCart provides Software-as-a-Service (SaaS) tools for eCommerce management.

Features or processing methods may be updated or discontinued with 30 days’ prior written notice (via email or dashboard alert).

Risk Protection:

Ensures operational flexibility without breaching contract obligations.


5. Payments and Renewals

Subions automatically renew unless canceled before the next billing cycle.

Payments follow UmbaCart’s Refund Policy and must be completed promptly to avoid service interruption.

Risk Factor: Disputes over renewals or refunds.

Risk Mitigation: Explicit auto-renewal terms create enforceable billing rights under SaaS law.


6. Data Processing and Ownership

Controller and Processor Roles:

The Customer acts as the Data Controller.

UmbaCart acts as the Data Processor, processing data only per customer instructions.

Data Location: Data may be stored or processed globally, ensuring adequate safeguards under GDPR-approved mechanisms (e.g., SCCs).

Data Security: UmbaCart implements administrative, physical, and technical safeguards aligned with ISO 27001 and GDPR Article 32 standards.

Risk Protection:

Clearly defines UmbaCart’s limited role as a “processor,” avoiding full data liability in case of user misuse or external breach.


7. Intellectual Property

All UmbaCart intellectual property, software, trademarks, and systems remain the sole property of UmbaCart.

Users grant UmbaCart a non-exclusive, revocable license to host, display, and process submitted content strictly for service delivery.

Risk Factor: Users claiming ownership of UmbaCart’s platform or algorithms.

Risk Mitigation: IP clause blocks such claims and ensures UmbaCart retains full proprietary rights.


8. Acceptable Use

Users must not upload or process data that is:

Unlawful or infringing on third-party rights

Harmful, obscene, or discriminatory

Used for spam, fraud, or malware distribution

Violation may lead to immediate suspension or termination.

Risk Protection:

Provides UmbaCart the right to act swiftly against illegal activities, protecting from regulatory penalties.


9. Third-Party Services

UmbaCart integrates with external platforms (e.g., Stripe, Meta, Google Analytics).

These services are governed by their own terms and privacy policies.

UmbaCart is not liable for data processing or failures by these third parties.

Risk Factor: Data sharing liability via integrations.

Risk Mitigation: Shifts legal responsibility to the user and third party.


10. Limitation of Liability

To the maximum extent permitted by law, UmbaCart shall not be liable for indirect, incidental, or consequential damages.

Total aggregate liability is limited to the fees paid by the user in the preceding 12 months.

Risk Protection:

Caps exposure — critical for SaaS compliance and investor protection.


11. Indemnification

Each party agrees to indemnify and hold harmless the other against losses, liabilities, or claims arising from their own breach, negligence, or willful misconduct.

Risk Protection:

Creates a balanced legal defense structure and a reciprocal protection clause.


12. Termination and Data Return

Either party may terminate this DPA for material breach or misuse.

Upon termination, user data will be deleted or exported within 30 days, unless retention is required by law.

Risk Factor: Post-termination data disputes.

Risk Mitigation: Defines strict timelines and processes to prevent liability over retained data.


13. Governing Law and Dispute Resolution

This DPA is governed by the laws of Delaware, USA, without regard to conflict of law principles.

Disputes shall be resolved through binding arbitration in Delaware, in accordance with AAA Commercial Arbitration Rules.

Risk Protection:

Avoids costly litigation and establishes a favorable jurisdiction for UmbaCart.


14. Modifications

UmbaCart may update this DPA to reflect legal, operational, or technical changes.

Users will be notified 30 days in advance via email or platform notification.

Risk Protection:

Ensures regulatory adaptability (GDPR Article 28 compliance) while maintaining contractual fairness.


15. Contact

For data protection inquiries or DPA-related concerns:

📧 legal@umbacart.com