HomePricingFor BusinessFor Nonprofits
Raising Reputations logo: reputation management software for businesses and nonprofits
LoginSign Up

Data Processing Agreement

Last updated: November 26, 2025

This Data Processing Agreement (“DPA”) forms part of the Terms of Service and/or any other agreement (“Agreement”) between:

Raising Reputations, LLC

407 West Smith Valley Road, Suite #382

Greenwood, Indiana 46142

Email: Support@RaisingReputations.com

(“Raising Reputations,” “Processor,” “Service Provider,” “we,” “us,” “our”) and The Customer (“Controller,” “Business,” “you,” “your”).

1. PURPOSE & SCOPE

This DPA governs Raising Reputations’ processing of personal data on behalf of the Customer while providing:

  • The Raising Reputations SaaS platform
  • The Raising Reputations Skool community
  • All DFY services (review management, GBP management, CX workflows, etc.)

This DPA ensures compliance with:

  • GDPR (EU & UK)
  • CCPA/CPRA
  • Other applicable US federal & state privacy laws
  • International data protection laws

2. DEFINITIONS

For purposes of this DPA:

  • Controller / Business — the party that determines the purpose and means of processing.
  • Processor / Service Provider — the party that processes personal data on behalf of the Controller.
  • Customer Personal Data — any personal data submitted, uploaded, or provided by Customer through the Services.
  • Applicable Law — all global privacy and data protection laws, including GDPR, CPRA, US state laws, etc.
  • Sub-processor — any third-party service provider engaged by Raising Reputations.
  • Personal Data Breach — any unauthorized or unlawful loss, access, disclosure, or destruction of personal data.

3. ROLES OF THE PARTIES

  • Customer is the Controller or Business.
  • Raising Reputations is the Processor and Service Provider.
  • Each party is an independent Controller of its own business contact information (e.g., account owner contact details).

Raising Reputations does not sell or share Customer Personal Data.

4. CUSTOMER INSTRUCTIONS

Raising Reputations agrees to:

  • Process Customer Personal Data only in accordance with documented instructions.
  • Not sell, share, combine, or use Customer Personal Data for any purpose other than delivering the contracted Services.
  • Not retain, use, or disclose Customer Personal Data outside the business relationship.

Customer agrees not to instruct Raising Reputations to perform unlawful processing.

5. GLOBAL DATA TRANSFERS (GDPR, UK GDPR, Swiss FADP)

Raising Reputations may process or store Customer Personal Data in the United States or in other permissible regions.

When data is transferred out of the EEA/UK/Switzerland:

  • EU SCCs (2021) apply for EU customers.
  • UK SCC Addendum applies for UK customers.
  • Swiss-adapted SCCs apply for Switzerland customers.

These are incorporated automatically upon use of the Raising Reputations platform.

6. SUB-PROCESSORS

Customer authorizes Raising Reputations to use sub-processors necessary to deliver the Services, including:

  • Hosting providers
  • Email delivery providers
  • Analytics providers
  • Payment processors
  • AI and automation infrastructure

Raising Reputations will:

  • Maintain written contracts with all sub-processors
  • Impose equivalent protections required under this DPA
  • Remain fully responsible for their performance
  • Provide the Customer with notice of material changes

7. CONFIDENTIALITY

Raising Reputations will ensure that all personnel authorized to process personal data:

  • Are subject to confidentiality obligations
  • Are trained on handling personal data
  • Access data only as necessary to perform duties

8. SECURITY MEASURES

Raising Reputations maintains industry-standard security, including:

  • Access controls and authentication
  • Encryption in transit and at rest
  • Secure development and testing procedures
  • Logging and monitoring
  • Firewalls and intrusion detection
  • Backup, disaster recovery, and business continuity programs
  • Annual security reviews and vulnerability assessments

Details of security controls can be provided upon request.

9. PERSONAL DATA BREACH RESPONSE

If Raising Reputations discovers a Personal Data Breach involving Customer Personal Data:

  • Customer will be notified without undue delay, and within 72 hours where legally required.
  • Notification may include known details of the breach, risks, and mitigation steps.

Raising Reputations is not responsible for the Customer’s own legal obligations to notify regulators or affected individuals.

10. DATA SUBJECT REQUESTS

Raising Reputations will:

  • Notify Customer if it receives a request from a data subject (EU/UK/US).
  • Assist the Customer in responding when possible and lawful.

Raising Reputations does not respond directly to data subjects unless legally required.

11. RETURN & DELETION OF DATA

Upon termination of Services:

  • Customer may request the deletion or export of Customer Personal Data.
  • Raising Reputations will delete or anonymize such data unless legally required to retain it.
  • Backup archives will be securely overwritten in accordance with retention schedules.

12. AUDIT RIGHTS

Upon written request:

  • Raising Reputations will provide documentation demonstrating compliance (e.g., security summaries, audit reports).
  • Formal audits may be conducted once per year with 30 days’ notice, at Customer’s expense, and must not disrupt operations.

13. USE OF CUSTOMER REVIEWS, FEEDBACK & CASE STUDIES

Marketing Opt-Out Clause

Customer grants Raising Reputations permission to use:

  • Customer reviews
  • Public ratings
  • Feedback
  • Case studies
  • Success stories
  • Screenshots or anonymized examples for marketing, training, or product improvement, unless the Customer opts out by emailing: Support@RaisingReputations.com

Customers may opt out at any time.

Raising Reputations will never disclose confidential information or sensitive data.

14. THIRD-PARTY PLATFORM LIMITATION OF LIABILITY

Customer acknowledges that:

  • Raising Reputations integrates with third-party platforms (Google, Meta, Yelp, TripAdvisor, and others, etc.).
  • Raising Reputations has no control over third-party actions.
  • Raising Reputations is not liable for account suspensions, removals, penalties, policy violations, API changes, or lost access.
  • Customer must comply with all third-party policies.

15. LIMITATION OF LIABILITY

To the fullest extent permitted by law:

  • Raising Reputations’ total liability under this DPA will not exceed fees paid in the prior 3 months.
  • Raising Reputations is not responsible for indirect, incidental, punitive, or consequential damages.

16. GOVERNING LAW & JURISDICTION

This DPA is governed exclusively by the laws of Indiana, USA. All legal claims must be brought exclusively in Johnson County, Indiana.

17. ORDER OF PRECEDENCE

If there is a conflict between:

1. This DPA

2. The Terms of Service

3. The Privacy Policy

then: SCCs → this DPA → Terms of Service → Privacy Policy.

18. MISCELLANEOUS

  • If any provision becomes invalid, the remainder remains enforceable.
  • Updates to this DPA may be made and will be posted online.
  • Continued use of the Services constitutes acceptance of updates.

19. CONTACT INFORMATION

Raising Reputations, LLC

407 West Smith Valley Road, Suite #382

Greenwood, Indiana 46142

Support@RaisingReputations.com