NicheMatcher

Data Processing Agreement

Last updated: March 2026

1. Parties

This Data Processing Agreement ("DPA") is between NicheMatcher ("Processor") and the organisation using the NicheMatcher service ("Controller"). It applies to the processing of personal data by NicheMatcher on behalf of the Controller in connection with the NicheMatcher service.

2. Scope and Purpose

NicheMatcher processes personal data — specifically, email addresses, names, and usage data — solely to provide the contracted services. We act as a data processor on behalf of the Controller and do not process personal data for our own purposes beyond service delivery.

3. Data Security

NicheMatcher implements appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS) and at rest, role-based access control, audit logging, and regular security reviews.

4. Sub-processors

NicheMatcher uses the following sub-processors:

  • Neon (database hosting — US)
  • Clerk (authentication — US)
  • Vercel (application hosting — global edge)
  • Stripe (payment processing — US)

Each sub-processor is bound by equivalent data protection obligations.

5. Data Transfers

Data is stored and processed in the United States. For EEA/UK customers, we rely on Standard Contractual Clauses (SCCs) for cross-border data transfers. A copy of applicable SCCs is available on request.

6. Data Subject Rights

NicheMatcher will assist the Controller in responding to data subject requests (access, rectification, erasure, portability) within a commercially reasonable timeframe, and no later than 30 days from receipt of the request.

7. Breach Notification

NicheMatcher will notify the Controller of any personal data breach without undue delay and within 72 hours of becoming aware, where feasible. Notification will include the nature of the breach, categories of data affected, and steps taken to address it.

8. Termination and Deletion

Upon termination of the service, NicheMatcher will delete all personal data within 30 days unless retention is required by applicable law.

9. Contact

DPA enquiries: privacy@nichematcher.com