Legal
Data Processing Addendum
Effective April 29, 2026
1. Scope
This Data Processing Addendum ("DPA") supplements the Radar House Terms of Service and applies whenever Radar House processes personal data of EU, UK, or California residents on your behalf as part of providing the Service. It is incorporated automatically into your subscription and does not require a separate signature.
2. Roles
For data you submit to the Service (your account data, lists, saved searches, and notes), you are the "Controller" and Radar House (operated by OVO Talent) is the "Processor." For public creator data we surface from third-party platforms, Radar House is the independent Controller of that data.
3. Subject matter and duration
We process personal data only for the duration of your subscription and only to the extent required to provide the Service (account access, billing, list management, search history, support).
4. Subprocessors
We engage the following subprocessors to deliver the Service:
- Vercel — application hosting (US)
- Supabase — database and authentication (US)
- Whop — payment processing (global)
- ScrapeCreators — public creator data ingestion (US)
We will give you 30 days’ notice (by email or in-product) before adding a new subprocessor. If you object, you may terminate your subscription within 30 days for a pro-rated refund.
5. Security
We implement appropriate technical and organizational measures to protect personal data, including TLS in transit, encryption at rest, row-level security policies, least-privilege access, and 2FA-gated production access. See our security page for details.
6. International transfers
Where personal data is transferred from the EEA, UK, or Switzerland to the United States, we rely on the Standard Contractual Clauses (Module Two: Controller to Processor) issued by the European Commission. The UK International Data Transfer Addendum applies for UK transfers, and the Swiss FDPIC’s adapted SCCs apply for Swiss transfers.
7. Data subject rights
We will assist you in responding to requests from data subjects to access, correct, port, or delete their personal data. Most requests can be served from the user’s own settings page; for assistance, email hello@radarhouse.app.
8. Breach notification
If we become aware of a personal data breach affecting your data, we will notify you without undue delay and within 72 hours of becoming aware, and provide reasonable assistance with your own notification obligations.
9. Deletion and return
On termination of your subscription, we delete or return your personal data within 30 days, except where retention is required by law (for example, billing records held by Whop).
10. Audit
On reasonable written request, and no more than once per year, we will provide a summary of our most recent third-party security audit (inheriting from our infrastructure providers’ SOC 2 Type II reports).
11. Liability
Each party’s liability under this DPA is subject to the limitations set forth in the Terms of Service.
12. Conflicts
In the event of any conflict between this DPA and the Terms of Service, this DPA controls with respect to the processing of personal data.