Data Processing Agreement

Last Updated: August 19, 2025

🏢 Enterprise & Educational Institutions

This Data Processing Agreement (DPA) is available for enterprise customers and educational institutions requiring formal data processing arrangements. Contact us to execute a DPA for your organization.

Overview

This Data Processing Agreement forms part of our Terms of Service and governs how Updoot (operating CheatCode) processes personal data on behalf of our enterprise and educational customers.

Key Components

  • Scope and nature of data processing activities
  • Security measures and technical safeguards
  • Data subject rights and assistance procedures
  • Subprocessor management and notifications
  • International data transfer protections
  • Breach notification and incident response

Data Processing Details

✅ What We Process

  • User account information
  • Educational queries and content
  • Usage analytics and patterns
  • Temporary screenshot data (24h TTL)
  • Browser and device information

🎯 Processing Purpose

  • AI-powered educational assistance
  • Service quality improvement
  • Security and abuse prevention
  • Legal compliance
  • Customer support

🔄 Hybrid AI Processing

CheatCode's unique hybrid AI architecture provides flexibility for data processing:

Local Processing (Gemini Nano)

  • • Data stays on user's device
  • • No transmission to servers
  • • Maximum privacy protection

Cloud Processing

  • • Secure transmission with encryption
  • • Processing via approved AI providers
  • • Immediate deletion after processing

Security Measures

Technical Safeguards

Encryption

  • • TLS 1.3 for data in transit
  • • AES-256 for data at rest
  • • End-to-end encryption where applicable

Access Controls

  • • JWT-based authentication
  • • Role-based access control
  • • Principle of least privilege

Infrastructure

  • • SOC 2 compliant hosting
  • • Regular security audits
  • • Intrusion detection systems

Privacy by Design

  • • Data minimization principles
  • • Automatic data deletion
  • • Anonymous analytics

Organizational Safeguards

  • Employee training on data protection and privacy
  • Confidentiality agreements for all personnel
  • Background checks for data access roles
  • Regular security awareness training
  • Incident response procedures and protocols

Subprocessors

⚠️ Approved Subprocessors

We only work with vetted subprocessors that provide equivalent data protection guarantees:

SubprocessorPurposeLocationSafeguards
OpenRouterAI processing gatewayUnited StatesDPA, No data retention
AnthropicClaude AI processingUnited StatesEnterprise terms, SOC 2
OpenAIGPT AI processingUnited StatesEnterprise agreement
VercelWebsite hostingUnited StatesSOC 2, ISO 27001
StripePayment processingUnited StatesPCI DSS Level 1

Subprocessor Management

  • 30-day advance notice for new subprocessors
  • Right to object to subprocessor changes
  • Equivalent data protection guarantees required
  • Regular compliance monitoring and audits

Data Subject Rights

GDPR Rights (EU)

  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

CCPA Rights (California)

  • Right to know what data is collected
  • Right to delete personal information
  • Right to correct inaccurate data
  • Right to opt-out of sale/sharing
  • Right to limit sensitive data use
  • Non-discrimination for exercising rights

🤝 Our Assistance

We provide comprehensive assistance for data subject requests:

  • 5-day notification of requests received
  • Technical assistance for request fulfillment
  • 30-day response time for processing requests
  • Documentation and audit trails maintained

International Transfers

🌍 Transfer Safeguards

For data transfers from EU/EEA to the United States:

  • EU Standard Contractual Clauses (SCCs)
  • Additional technical safeguards (encryption)
  • Regular transfer impact assessments
  • Government access transparency measures

Government Access Protections

  • Immediate notification of government data requests
  • Legal challenge of inappropriate requests
  • Minimum data disclosure principle
  • Detailed documentation of all access requests

How to Execute a DPA

📋 Enterprise Customers

To execute a formal Data Processing Agreement with additional terms specific to your organization:

1.

Contact Our Team

Email enterprise@cheatcode.fun with your requirements

2.

Review Requirements

We'll review your specific compliance and data handling needs

3.

Customize Terms

Tailor the DPA to meet your organization's requirements

4.

Execute Agreement

Sign the DPA as part of your enterprise agreement

Contact Information

Enterprise & Legal

Enterprise Sales:enterprise@cheatcode.fun
Legal & Compliance:legal@cheatcode.fun
Data Protection Officer:dpo@cheatcode.fun

Support & Privacy

Privacy Inquiries:privacy@cheatcode.fun
Security Issues:security@cheatcode.fun
General Support:support@cheatcode.fun

This Data Processing Agreement is effective as of August 19, 2025.
CheatCode is operated by Updoot.
For enterprise customers requiring formal DPA execution, please contact enterprise@cheatcode.fun.