Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the agreement between the customer ("Controller," "you") and ImoFrame("Processor," "we," "us") for use of the ImoFrame service at imoframe.com.

This DPA applies when you upload or otherwise provide personal data through the Service and we process that data on your behalf, for example when your listing photos or account data include information relating to identifiable individuals.

You act as the Controller of personal data you submit to the Service.ImoFrame acts as Processor and will process personal data only on your documented instructions, as described in the Terms of Service, this DPA, and your use of product features.

Subject matter: provision of AI-assisted property video tour generation and related account, billing, and support services.

Duration: for the term of your subscription or use of the Service, plus any retention period described in our Privacy Policy or required by law.

Processing activities may include:

• Storage and transmission of uploaded listing photos
• AI-based video generation and export delivery
• User authentication, account management, and billing
• Support, security monitoring, and service improvement

Categories of personal data: account identifiers, contact details, authentication data, usage metadata, uploaded content that may contain personal data, and generated outputs linked to your account.

Categories of data subjects: your employees, contractors, clients, property occupants, or other individuals whose data you upload or whose information appears in listing materials.

ImoFrame will:

• Process personal data only on documented instructions from the Controller, unless required by law
• Ensure personnel authorized to process personal data are bound by confidentiality obligations
• Implement appropriate technical and organizational security measures
• Not engage another processor without informing the Controller and ensuring equivalent protections
• Assist the Controller with data subject requests where reasonably possible
• Delete or return personal data after end of services, subject to legal retention requirements

You authorize us to use sub-processors necessary to provide the Service. Current categories include cloud hosting, email delivery, and AI inference providers. A current list is available on request at hello@imoframe.com.

We will impose data protection obligations on sub-processors that are no less protective than those in this DPA. We remain responsible for sub-processor performance of their obligations.

We maintain measures such as access controls, encrypted transport (HTTPS), logical separation of customer data, monitoring, and restricted internal access on a need-to-know basis. Details are available upon reasonable request.

We will notify you without undue delay after becoming aware of a personal data breach affecting your data processed under this DPA, and provide information reasonably required for you to meet your regulatory obligations.

Upon reasonable written request, we will provide information necessary to demonstrate compliance with this DPA and allow audits conducted by you or an independent auditor, subject to confidentiality, frequency limits, and minimal business disruption.

Where personal data is transferred outside the EEA, UK, or Switzerland, we will implement appropriate safeguards, such as Standard Contractual Clauses or equivalent mechanisms, where required by applicable law.

Liability under this DPA is subject to the limitations and exclusions set out in the Terms of Service, except where prohibited by applicable data protection law.

If there is a conflict between this DPA and the Terms of Service regarding the processing of personal data, this DPA prevails to the extent of the conflict.

For DPA or privacy requests, contact hello@imoframe.com.

To execute a signed version of this DPA for your organization, email hello@imoframe.com with your company name and billing contact.