This Data Processing Addendum ("DPA") forms part of the main agreement ("Agreement") between Bullseye ("Bullseye", "we", "us", or "our") and the customer ("Customer") for the provision of services by Bullseye (the "Services") as defined in the Agreement.
This DPA applies when Bullseye processes Personal Data on behalf of the Customer in connection with the provision of the Services. This DPA is subject to the terms of the Agreement and reflects the parties' agreement with regard to the processing of Personal Data.
The Customer is responsible for ensuring that the processing of Personal Data complies with all applicable data protection laws and regulations.
The Customer must provide clear instructions to Bullseye for the processing of Personal Data as required by applicable law.
Bullseye will only process Personal Data on behalf of the Customer in accordance with the Customer's documented instructions, including those set forth in the Agreement and this DPA.
Bullseye will ensure that all personnel authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
Bullseye will implement and maintain appropriate technical and organizational measures to protect Personal Data from unauthorized access, loss, alteration, or disclosure.
Bullseye may engage Sub-processors to process Personal Data on behalf of the Customer. Bullseye will ensure that Sub-processors are subject to data protection obligations consistent with those set forth in this DPA.
Bullseye will remain liable for the actions and omissions of its Sub-processors.
| Name | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure hosting, email delivery (SES), message queuing (SQS), database hosting (RDS), monitoring (CloudWatch) | United States (us-east-1) |
| DigitalOcean | Application hosting, cloud infrastructure, object storage (Spaces) | United States (NYC region) |
| Stripe | Payment processing, subscription management, billing operations | United States |
| Clerk | User authentication, authorization, session management, organization management | United States |
| Cloudflare | Content delivery network (CDN), DNS management, caching, script delivery | Global (United States primary) |
| Supabase | Database hosting (PostgreSQL), webhook processing, data storage | United States (AWS us-east-1) |
| Google Ads | Advertising platform integration, audience management | United States (Global) |
| Meta (Facebook) Ads | Advertising platform integration, custom audience management | United States (Global) |
| OpenAI | AI-powered data matching and enrichment (GPT-4) | United States |
| Integration.app (Membrane) | Third-party integration platform, workflow automation, CRM connectivity | United States |
| EmbedWorkflow | Workflow automation and integration orchestration | United States |
| GitHub | Code repository, CI/CD, version control, secrets management | United States |
| Terraform Cloud / DigitalOcean Spaces | Infrastructure state management | United States |
Bullseye reserves the right to update this list of Sub-processors from time to time. Customers will be notified of any changes to Sub-processors that may affect the processing of their Personal Data.
Bullseye will assist the Customer in responding to requests from data subjects exercising their rights under applicable data protection laws (e.g., rights to access, rectification, erasure, and data portability).
In the event of a Personal Data breach, Bullseye will notify the Customer without undue delay after becoming aware of the breach. Bullseye will provide sufficient information to assist the Customer in meeting any obligations to report or inform data subjects of the breach.
All Personal Data processed by Bullseye is stored and handled within the United States. Bullseye maintains data centers and infrastructure exclusively in the USA to ensure data sovereignty and compliance with US data protection standards.
For customers subject to international data protection laws (such as GDPR), Bullseye will ensure that appropriate safeguards are in place, such as standard contractual clauses or other legally recognized mechanisms, to protect Personal Data.
The Customer has the right to audit Bullseye's compliance with the terms of this DPA, including inspecting facilities, systems, and records used to process Personal Data.
Upon termination of the Agreement, Bullseye will, at the Customer's choice, return or delete all Personal Data processed on behalf of the Customer, unless required by applicable law to retain the data.
This DPA shall be governed by and construed in accordance with the laws governing the Agreement.
For any questions regarding this DPA or Bullseye's data processing activities, please contact us at support@bullseye.so
Last updated: October 24, 2025
