ClipLedger
Main navigation
How It WorksFeaturesWhy ClipLedgerPricing
Start for free

Data Processing Agreement (DPA)

Last updated: March 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service between the user of ClipLedger ("Customer") and Marmalade skies s.r.o. ("Provider").

This DPA applies when the Customer uses ClipLedger to process personal data subject to the General Data Protection Regulation (GDPR).

This Data Processing Agreement may be provided in multiple languages for convenience. In case of any discrepancies, the English version shall prevail.

1. Parties

Controller

The Customer using the ClipLedger service.

Processor

Marmalade skies s.r.o.
IČO: 24372901
Bělehradská 858/23
120 00 Praha
Czech Republic

The Provider processes personal data on behalf of the Customer in order to provide the ClipLedger service.

2. Subject Matter of Processing

The processing activities covered by this DPA include providing the ClipLedger platform for:

  • managing creator campaigns
  • storing campaign configuration data
  • processing submitted video links
  • calculating creator payouts based on public video statistics.

3. Categories of Personal Data

Depending on how the Customer uses the Service, the following data may be processed:

  • email addresses
  • user display names
  • authentication identifiers
  • creator channel URLs or usernames
  • video URLs submitted to campaigns
  • technical metadata such as IP addresses.

ClipLedger does not intentionally process special categories of personal data.

4. Categories of Data Subjects

Personal data processed through the Service may relate to:

  • campaign owners
  • creators participating in campaigns
  • users of the ClipLedger platform.

5. Purpose of Processing

The Provider processes personal data only for the purpose of:

  • operating the ClipLedger platform
  • enabling campaign management features
  • retrieving public video statistics from third-party platforms
  • calculating campaign payouts
  • maintaining system security and abuse prevention.

6. Processor Obligations

The Provider shall:

  • process personal data only according to the documented instructions of the Customer
  • ensure that persons authorized to process data are subject to confidentiality obligations
  • implement appropriate technical and organizational security measures
  • assist the Customer in responding to data subject requests where applicable
  • notify the Customer without undue delay in the event of a personal data breach affecting the Service.

7. Subprocessors

The Customer authorizes the Provider to engage subprocessors necessary to operate the Service.

The following subprocessors are currently used:

Vercel

  • Service provided: Application hosting and infrastructure
  • Data processed: Application data, uploaded documents, metadata
  • Processing location: Germany (EU region)
  • International transfer safeguard: Not applicable (EEA processing)

Resend

  • Service provided: Transactional email delivery
  • Data processed: Email addresses, notification content
  • Processing location: United States (where applicable)
  • International transfer safeguard: Standard Contractual Clauses or other appropriate safeguards

Stripe

  • Service provided: Subscription billing and payment processing
  • Data processed: Billing identifiers, payment status, subscription information
  • Processing location: United States and/or European Union
  • International transfer safeguard: Standard Contractual Clauses or other appropriate safeguards

Upstash

  • Service provided: Rate limiting and caching infrastructure (Redis)
  • Data processed: IP addresses and technical request identifiers used for abuse prevention
  • Processing location: Germany (Frankfurt, EU region - eu-central-1)
  • International transfer safeguard: Not applicable (EEA processing)

Google

  • Services provided: Authentication (Google OAuth) and YouTube API access
  • Data processed: Authentication identifiers, publicly available video metadata
  • Processing location: Global infrastructure operated by Google
  • International transfer safeguard: Standard Contractual Clauses or other appropriate safeguards

The Provider may update this list of subprocessors as necessary to operate the Service.

8. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), the Provider ensures that appropriate safeguards are in place, including the use of Standard Contractual Clauses or other mechanisms permitted under GDPR.

9. Security Measures

The Provider implements reasonable technical and organizational measures to protect personal data, including:

  • encrypted connections (HTTPS)
  • access control to infrastructure systems
  • secure cloud infrastructure providers
  • monitoring and abuse prevention mechanisms.

10. Data Retention

Personal data is retained only for as long as necessary to provide the Service or as required by applicable law.

Customers may request deletion of their account and associated personal data by contacting hello@marmaladeskies.dev.

11. Term and Termination

This DPA remains in effect for as long as the Customer uses the ClipLedger service.

Upon termination of the Service, personal data will be deleted or returned in accordance with applicable law and the Provider's data retention policies.

12. Governing Law

This DPA shall be governed by the laws of the Czech Republic.