GDPR Data Processing Agreement
Last updated: 16 April 2026
This Data Processing Agreement (DPA) applies to business customers who use the AIVerified.io API and are subject to GDPR. By using the API, you agree to this DPA.
1. Parties
Processor: LinkDaddy® LLC, 509 N Prescott Avenue, Suite B, Clearwater, Florida 33755, USA
Controller: The API customer (you)
2. Subject Matter and Duration
This DPA governs the processing of personal data by LinkDaddy® LLC on behalf of the Controller in connection with the AIVerified.io API. It remains in effect for the duration of the API subscription.
3. Nature and Purpose of Processing
Responding to API queries for business verification; maintaining the business registry; issuing and managing AI Verified Passports.
4. Types of Personal Data Processed
Business name and registration number; contact email; website domain; country of registration; IP addresses (fraud prevention).
5. Sub-Processors
- Cloudflare, Inc. — hosting, CDN, R2 storage (US/EU)
- Resend / SendGrid / Mailgun / Postmark — transactional email delivery
We will notify you of sub-processor changes with 30 days notice.
6. Technical and Organisational Security Measures
- All data in transit encrypted via TLS 1.3
- All data at rest encrypted via AES-256
- Role-based access controls, principle of least privilege
- SHA-256 hashing of passport documents for tamper detection
- Regular security reviews
7. Data Transfer Mechanisms
Transfers of personal data from the EU to the US are covered by Standard Contractual Clauses (SCCs) as adopted by the European Commission. A copy is available on request.
8. Data Subject Rights Assistance
We will assist the Controller in responding to data subject rights requests within 5 business days of receiving a written request.
9. Deletion or Return of Data
Within 30 days of subscription termination, we will delete or return all personal data processed on behalf of the Controller, except where retention is required by law.