Data Processing Addendum (DPA)

For Chimera Holdings LLC

Last updated: January 1, 2026

This Data Processing Addendum (“DPA”) supplements the Privacy Policy and Terms of Service and applies when Chimera Holdings LLC processes personal data on behalf of users, customers, or clients.

 

Definitions

  • “Personal Data”: Any information relating to an identifiable individual.
  • “Processing”: Any operation performed on Personal Data.
  • “Controller”: The entity determining the purpose of data processing (you).
  • “Processor”: The entity processing data on behalf of the Controller (Chimera Holdings LLC).

 

Scope of Processing

We may process Personal Data for:

  • Account creation and authentication
  • E‑commerce transactions
  • Workflow automation
  • AI‑powered tools and content generation
  • Customer support
  • Analytics and performance optimization

We process data only according to documented instructions provided by the Controller.

 

Responsibilities of Chimera Holdings LLC (Processor)

We will:

  • Process Personal Data only as necessary to provide Services
  • Maintain appropriate technical and organizational security measures
  • Ensure personnel with access to data are bound by confidentiality
  • Assist the Controller with data access, correction, or deletion requests
  • Notify the Controller of data breaches without undue delay
  • Not subcontract processing without appropriate safeguards

 

Responsibilities of the Controller

You agree to:

  • Ensure you have the legal right to provide Personal Data
  • Not submit sensitive or regulated data unless required
  • Provide accurate instructions for processing
  • Maintain compliance with applicable data protection laws

 

Sub‑Processors

We may use third‑party service providers for:

  • Hosting
  • Payment processing
  • AI model execution
  • Workflow automation
  • Analytics

We ensure sub‑processors follow comparable data protection standards.

 

International Data Transfers

Data may be processed in multiple countries. We use reasonable safeguards to protect data during international transfers.

 

Data Retention

We retain Personal Data only as long as necessary to:

  • Provide Services
  • Comply with legal obligations
  • Resolve disputes
  • Improve workflows and AI systems (in anonymized form)

 

Security Measures

We implement:

  • Encryption where appropriate
  • Access controls
  • Secure hosting environments
  • Regular audits and monitoring

 

Termination

Upon termination of Services, we will:

  • Delete or return Personal Data upon request
  • Retain only what is legally required

 

Updates

We may update this DPA to reflect changes in laws or our Services.