Legal
Data Processing Agreement
Last updated: April 7, 2026
This page summarizes the standard data processing terms for customers using Amazon Ads Optimizer. A signed DPA can be requested at info@baoks.de.
1. Scope of Processing
Baoks UG (haftungsbeschränkt) processes customer account data, Amazon Advertising data, billing data, and service metadata solely for the provision of the software service, support, security, and legal compliance.
2. Categories of Data
- Account data such as name, email address, and authentication metadata
- Amazon Data synced through the Amazon Ads API
- Billing and subscription records
- Support and operational logs required to secure and operate the service
3. Subprocessors
| Subprocessor | Purpose | Location |
|---|---|---|
| Supabase Inc. | Database, authentication, storage | USA |
| Vercel Inc. | Application hosting and delivery | USA |
| Stripe Inc. | Payment processing | USA |
| Amazon Web Services / Amazon Advertising | Amazon Ads API access and related infrastructure | USA |
4. Technical and Organizational Measures
- Encryption of Amazon refresh tokens at rest using AES-256-GCM
- Access control based on least privilege
- Tenant isolation enforced at the database level
- Logging, rate limiting, and monitoring for abuse prevention and incident response
- Secure deployment infrastructure and authenticated access to administrative systems
5. Breach Notification
We maintain a documented process for security incident response. If we confirm a personal data breach or misuse of Amazon Data affecting customer data, we will notify affected customers without undue delay and in accordance with applicable law and Amazon partner requirements.
6. Audit and Cooperation
Upon reasonable request, we provide information necessary to demonstrate compliance with our data protection obligations and cooperate with customer privacy inquiries related to the services covered by this agreement.