HomeFeaturesUse casesAbout UsDocsBlogBook a demo

STACKKNACK

DATA PROCESSING ADDENDUM (DPA)

Effective Date: January 3, 2026

This Data Processing Addendum ("DPA") forms part of and is incorporated into the StackKnack Terms and Conditions (the "Agreement") between StackKnack LLC ("StackKnack," "Processor," or "Service Provider") and the entity that has entered into the Agreement ("Operator," "Customer," or "Controller").

This DPA applies where StackKnack processes Personal Data on behalf of the Operator in connection with the Service.

1. DEFINITIONS

For purposes of this DPA:

  • "Applicable Data Protection Laws" means all laws and regulations applicable to the processing of Personal Data, including GDPR, UK GDPR, CCPA/CPRA, and other similar laws.
  • "Controller" means the entity that determines the purposes and means of processing Personal Data.
  • "Processor" means the entity that processes Personal Data on behalf of the Controller.
  • "Personal Data" has the meaning given under Applicable Data Protection Laws.
  • "Processing" has the meaning given under Applicable Data Protection Laws.
  • "Sub-processor" means a third party authorized to process Personal Data on behalf of StackKnack.

Operator is the Controller. StackKnack is the Processor / Service Provider.

2. SCOPE OF PROCESSING

2.1 Subject Matter

StackKnack processes Personal Data to provide the Service, including inventory management, operational workflows, marketplace integrations, analytics, and support.

2.2 Duration

Processing will continue for the duration of the Agreement, unless otherwise instructed by the Operator or required by law.

2.3 Nature and Purpose of Processing

Processing activities may include:

  • collecting
  • storing
  • organizing
  • transmitting
  • analyzing
  • reconciling
  • deleting

solely to operate and support the Service.

2.4 Categories of Personal Data

Personal Data processed may include:

  • customer contact information (name, email, phone number)
  • shipping and billing addresses
  • order and transaction history
  • marketplace identifiers (Shopify, eBay, Clover IDs)
  • inventory and SKU associations
  • Operator staff user data (names, emails, roles)

2.5 Categories of Data Subjects

  • Operator customers
  • buyers and sellers
  • consignors
  • Operator employees and contractors

3. OPERATOR OBLIGATIONS

Operator represents and warrants that:

  • it has the right to provide Personal Data to StackKnack;
  • it has provided all required notices to data subjects;
  • it has obtained all necessary consents;
  • it will respond to data subject requests;
  • it complies with Applicable Data Protection Laws.

Operator is solely responsible for determining the purposes and means of processing.

4. STACKKNACK OBLIGATIONS

StackKnack agrees to:

  • process Personal Data only on documented instructions from Operator;
  • not use Personal Data for StackKnack's own marketing to Operator customers;
  • ensure personnel processing Personal Data are bound by confidentiality obligations;
  • implement reasonable technical and organizational security measures;
  • assist Operator with compliance obligations as reasonably requested.

5. SUB-PROCESSORS

5.1 Authorization

Operator grants StackKnack general authorization to engage Sub-processors to provide the Service.

5.2 Sub-processor Obligations

StackKnack ensures Sub-processors are bound by written agreements providing data protection obligations no less protective than this DPA.

5.3 Changes

StackKnack may add or replace Sub-processors. Operator may object to a new Sub-processor on reasonable data protection grounds.

6. DATA SUBJECT RIGHTS

StackKnack will:

  • notify Operator if it receives a data subject request;
  • not respond directly unless legally required;
  • assist Operator, where reasonably requested, in fulfilling data subject requests.

7. DATA SECURITY

StackKnack implements appropriate administrative, technical, and organizational measures designed to protect Personal Data against unauthorized access, loss, or disclosure.

8. PERSONAL DATA BREACHES

StackKnack will notify Operator without undue delay after becoming aware of a Personal Data Breach affecting Personal Data processed under this DPA and will provide reasonable assistance.

9. INTERNATIONAL DATA TRANSFERS

Personal Data may be processed in the United States or other jurisdictions. StackKnack will implement appropriate safeguards for international transfers as required by Applicable Data Protection Laws.

10. DATA RETURN AND DELETION

Upon termination of the Agreement or upon Operator's written request, StackKnack will:

  • delete or return Personal Data, at Operator's choice,
  • unless retention is required by law.

11. AUDIT RIGHTS

Operator may audit StackKnack's compliance with this DPA no more than once annually, upon reasonable notice, and subject to confidentiality and security restrictions.

12. LIMITATION OF LIABILITY

This DPA is subject to the limitation of liability provisions set forth in the Agreement. StackKnack's liability under this DPA shall not exceed the amounts specified in the Agreement.

13. CCPA / CPRA SERVICE PROVIDER TERMS

Where applicable:

  • StackKnack acts as a Service Provider under CCPA/CPRA;
  • StackKnack does not sell or share Personal Data;
  • StackKnack processes Personal Data solely to provide the Service.

14. ORDER OF PRECEDENCE

In the event of a conflict between this DPA and the Agreement, this DPA shall control with respect to data protection matters.

15. GOVERNING LAW

This DPA is governed by the same law and jurisdiction specified in the Agreement.

16. ACCEPTANCE

This DPA is incorporated by reference into the Agreement and becomes binding upon Operator's acceptance of the Agreement or use of the Service.