Data Processing Agreement — Summary
Last updated: June 13, 2026
This is a plain-language summary of how Everpop processes personal data on behalf of its customers, provided for transparency. It is not itself the agreement — the full Data Processing Agreement (DPA) governs and is available on request at privacy@everpop.app.
Roles
For the content and channel data you process through Everpop, you are the data controller and Everpop acts as your processor. For your own account and billing data, Everpop is the controller.
Scope & instructions
We process personal data only to provide the Service — detecting your uploads, generating and publishing clips, and measuring results — and on your documented instructions. We do not sell personal data, and we do not use Google user data to train generalized machine-learning models.
Security
We apply appropriate technical and organizational measures: encryption in transit, encryption of sensitive credentials at rest, least-privilege access, and audit logging. You can view and export your own activity log from your dashboard settings.
Subprocessors
We engage the subprocessors listed on our Subprocessorspage, each bound by GDPR Article 28 terms. We give at least 30 days' notice before adding a new subprocessor that processes personal data.
International transfers
Transfers to processors outside the EEA rely on Standard Contractual Clauses approved by the European Commission.
Your rights
We help you respond to access, correction, deletion, and portability requests. You can export or delete your own data directly from your dashboard settings (GDPR Articles 15, 17, and 20).
Breach notification
We will notify you without undue delay after becoming aware of a personal-data breach affecting your data, with the information you need to meet your own notification obligations.
Return & deletion
On termination, we delete or return your personal data in accordance with the DPA and our retention policy, except where retention is required by law.
Everpop