Data Processing Agreement
These policies apply to all Soundside Design LLC products including soundside.ai and hackthemarket.ai.
Last Updated: February 24, 2026
This Data Processing Agreement ("DPA") forms part of the agreement between Soundside Design LLC ("Processor") and the entity or individual using our services ("Controller").
This DPA applies when Soundside Design LLC processes Personal Data on behalf of the Controller in the course of providing its platform and related services, including access through the Model Context Protocol (MCP).
1. Definitions
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Processing" means any operation performed on Personal Data.
- "Controller" means the entity that determines the purposes and means of Processing (you, the customer).
- "Processor" means the entity that processes Personal Data on behalf of the Controller (Soundside Design LLC).
- "Sub-processor" means a third party engaged by the Processor to process Personal Data.
2. Scope and Purpose of Processing
The Processor processes Personal Data solely to provide services as described in the Terms of Service, including:
- Authenticating users and managing account sessions.
- Executing tool calls on behalf of the Controller.
- Transmitting data to Sub-processors for content generation.
- Storing generated assets and maintaining usage/billing records.
- Returning tool results to MCP-compatible clients.
3. Processor Obligations
The Processor shall:
- Process Personal Data only on documented instructions from the Controller.
- Ensure authorized persons have committed to confidentiality.
- Implement appropriate security measures, including encryption in transit and at rest, row-level database security, and access controls.
- Assist the Controller in responding to Data Subject requests.
- At the Controller's choice, delete or return all Personal Data upon termination.
4. Sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase Inc. | Authentication, database, storage | United States |
| Google Cloud Platform | Storage, compute, Vertex AI generation | United States |
| Luma Labs Inc. | Image and video generation | United States |
| MiniMax Technology | Video and music generation | China / United States |
| xAI Corp. | Image and video generation (Grok) | United States |
| ElevenLabs Inc. | Audio and voice generation | United States |
| Anthropic PBC | Text generation and content evaluation | United States |
| Stripe Inc. | Payment processing | United States |
5. Data Subject Rights
The Processor shall assist the Controller in fulfilling requests for access, rectification, erasure, portability, restriction, and objection.
Requests may be submitted to info@soundsidedesign.com.
6. Data Breach Notification
The Processor shall notify the Controller within 72 hours of becoming aware of a personal data breach.
7. International Transfers
Where Personal Data is transferred outside the Controller's jurisdiction, the Processor shall ensure appropriate safeguards are in place.
8. Term and Termination
Upon termination, the Processor shall delete or return all Personal Data within 30 days, except where retention is required by law.
9. Governing Law
This DPA shall be governed by the laws of the State of Washington, United States, consistent with the Terms of Service.
10. Contact
For questions, contact us at info@soundsidedesign.com.