Data Processing Agreement
When you store other people's personal data in AVTDB — your clients, production managers, and contacts — AVTDB processes it on your behalf. This DPA sets out the terms that apply to that processing.
Last updated: 2026-05-17
1. Scope and roles
This Data Processing Agreement (“DPA”) forms part of, and is governed by, our Terms of Service between you (“you”, the technician account holder) and AVTDB LLC (“AVTDB”, “we”, “us”).
It applies wherever, in providing the Service, we process personal data on your behalf — for example the names, email addresses, phone numbers, and notes you record about your clients, venues, and production contacts. For that data, you are the controller and AVTDB is the processor.
Personal data about you (your account, billing, and profile information) is governed by our Privacy Policy, where we act as controller. This DPA does not change that.
2. Our processing obligations
We will:
- process the personal data only to provide and support the Service, and only on your documented instructions (which include your use of the app's features) — unless the law requires otherwise, in which case we will tell you first where we are permitted to;
- ensure that personnel authorized to process the data are bound by confidentiality;
- implement appropriate technical and organizational security measures (see Annex B);
- assist you, taking into account the nature of the processing, in responding to data-subject requests and in meeting your security, breach-notification, and impact-assessment obligations;
- at your choice, delete or return the personal data at the end of the service, except where retention is legally required (see section 6); and
- make available the information reasonably necessary to demonstrate compliance with these obligations.
3. Subprocessors
You authorize us to engage subprocessors to provide the Service. We impose data-protection obligations on each subprocessor that are no less protective than those in this DPA, and we remain responsible for their performance. Our current subprocessors are listed in Annex C. We will give you a reasonable opportunity to object to a new subprocessor before it begins processing your data; tell us at legal@avtdb.com if you would like advance notice.
4. Data-subject requests
If we receive a request from one of your contacts to access, correct, or delete their personal data, we will forward it to you rather than respond directly, and we will help you respond using the tools in the app. You remain responsible, as controller, for honoring those requests.
5. Personal data breaches
If we become aware of a personal data breach affecting data we process on your behalf, we will notify you without undue delay and provide the information you reasonably need to meet your own notification obligations. Report a suspected issue to security@avtdb.com.
6. Transfers, deletion, and return
Where personal data is transferred outside its country of origin, we rely on an appropriate transfer mechanism (such as the Standard Contractual Clauses) with the relevant subprocessor.
On termination of your account, or on your request, we will delete or return the personal data we process on your behalf. Routine deletion timelines are described in our Privacy Policy. We may retain data where the law requires.
7. Audits
On reasonable written request, and no more than once a year unless required by a regulator, we will make available the information necessary to demonstrate compliance with this DPA. Audits must respect the confidentiality and security of our other customers.
8. Order of precedence
If there is a conflict between this DPA and the Terms of Service on the subject of processing personal data on your behalf, this DPA controls. For a countersigned copy of this DPA, contact legal@avtdb.com.
Annex A — Details of processing
- Subject matter: provision of the AVTDB audio-visual business-management service.
- Duration: for as long as you maintain an account, plus any legally required retention period.
- Nature and purpose: storing, organizing, displaying, and acting on the records you create — jobs, contacts, invoices, documents, and related communications.
- Categories of data subjects: your clients, production managers, venue contacts, and anyone whose details you choose to record.
- Types of personal data: names, contact details (email, phone, address), and any notes or documents you store about them. Please do not store special-category data you do not need.
Annex B — Security measures
We maintain measures appropriate to the risk, including: encryption of data in transit; access controls and authenticated sessions; least-privilege access for our personnel; isolation of customer data by account; audit logging of significant events; and regular backups by our hosting provider. A fuller description is in our Privacy Policy.
Annex C — Current subprocessors
- Application & database hosting — runs the service and stores your data.
- Email delivery — sends transactional email (sign-in codes, notifications, invoices).
- SMS delivery — sends text-message codes and reminders.
- AI providers — power the Avie assistant and document/receipt features when you use them.
- Payment processing — handles card and ACH payments; we do not store full card numbers.
This list reflects the categories of providers in use; for the current named providers, contact legal@avtdb.com.
Contact
AVTDB LLC
1000 Heritage Center Cir. , · #374 · Round Rock, TX 78664 · United States
legal@avtdb.com
