1. Definitions
- “Customer” means the entity that has subscribed to the Service under the Terms of Service.
- “AZMTH” means Elevate Environmental LLC, a Florida limited liability company doing business as AZMTH.
- “Customer Personal Data” means personal data Customer or its end-fans submit to the Service that AZMTH processes on Customer's behalf — fan profiles, contribution records, contact details, preferences, etc.
- “Data Protection Laws” means all laws applicable to the processing of personal data under this DPA, including the EU GDPR (Reg. 2016/679), UK GDPR, Swiss FADP, CPRA/CCPA, PIPEDA, LGPD, and any subsequent or replacing law.
- “Sub-processor” means a third party engaged by AZMTH to process Customer Personal Data to provide the Service.
- Other capitalized terms (“controller,” “processor,” “data subject,” “personal data,” “processing”) have the meanings given in the GDPR.
2. Roles
Customer is the controller of Customer Personal Data; AZMTH is the processor. Each party complies with its own obligations under Data Protection Laws.
Where Customer is itself a processor for an upstream controller (e.g., a label processing data on behalf of an artist who is itself the controller), AZMTH acts as a sub-processor; this DPA flows down through the chain on the same terms.
3. Scope and instructions
AZMTH will process Customer Personal Data only on documented instructions from Customer. The Terms of Service, this DPA, and Customer's use of Service features (e.g., importing a fan CSV, sending a Klaviyo campaign, configuring a pre-save) are documented instructions.
AZMTH will tell Customer if, in its opinion, an instruction violates Data Protection Laws (GDPR Art. 28(3), final paragraph), and may decline to follow it.
3.1 Subject matter and duration
Subject matter: provision of the Service. Duration: as long as the Customer's subscription is active, plus any post-termination retention permitted under Section 11.
3.2 Nature and purpose
AZMTH stores, retrieves, organizes, modifies, transmits, and deletes Customer Personal Data to operate the Service — including features that send transactional and marketing messages on Customer's instruction, generate analytics, process payments, and connect to Customer-authorized third-party platforms.
3.3 Categories of data subjects
- Fans, supporters, and audience members of Customer
- Ticket buyers
- Merch customers
- Podcast listeners
- Donors / contributors via tip jars and fundraisers
- Brand contacts, venue contacts, and other industry contacts Customer adds to the Service
- Collaborators (writers, producers, session musicians)
3.4 Categories of personal data
- Identity and contact: name, email, phone (E.164), postal city / country
- Communication preferences and consent records
- Contribution amounts, frequencies, and donation history (no full card numbers — those live in Stripe)
- Engagement metadata: pages viewed, opens, clicks
- External identifiers from connected platforms (Klaviyo profile ID, Mailchimp member ID, Eventbrite attendee ID, Bandcamp supporter ID, etc.)
- Free-text fields the Customer or its fans put into the Service (notes, fan tags, custom fields)
3.5 Special categories
Customer should not submit special-category personal data (race, health, sexuality, religion, etc.) to the Service. AZMTH's features are not designed for it. If Customer does submit it, the responsibility under Art. 9 GDPR for having a lawful basis is Customer's.
4. Confidentiality
AZMTH will ensure that personnel authorized to process Customer Personal Data are bound by written confidentiality obligations and trained on data-protection responsibilities.
5. Security measures
AZMTH will implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art and the nature of the Customer Personal Data. The baseline measures are described in Annex 3 below and may be updated to maintain or improve security.
6. Personal-data breach
AZMTH will notify Customer without undue delay and in any event within 72 hours of becoming aware of a personal-data breach affecting Customer Personal Data. The notice will describe (to the extent known): the nature of the breach, categories and approximate number of data subjects and records affected, likely consequences, and measures taken or proposed to address it. AZMTH will assist Customer with its own breach-notification obligations.
7. Sub-processors
7.1 Authorization
Customer authorizes AZMTH to engage Sub-processors. The current list, including each Sub-processor's name, location, and processing purpose, is published at /legal/sub-processors (Annex 2 by reference).
7.2 Flow-down obligations
AZMTH will impose contractual data-protection obligations on each Sub-processor that are no less protective than this DPA, including confidentiality, security, breach notification, and assistance with data-subject requests.
7.3 Liability
AZMTH remains liable to Customer for the acts and omissions of its Sub-processors as if they were AZMTH's own.
7.4 Change notification
AZMTH will publish proposed Sub-processor changes (additions or replacements) on the public list at least thirty (30) days before the change takes effect, and will email account owners. Customer may object on reasonable data-protection grounds within the notice period; if the objection cannot be resolved by the parties, Customer may terminate the affected portion of the Service and receive a pro-rata refund.
8. International transfers
Where AZMTH transfers Customer Personal Data out of the EEA, UK, or Switzerland, the parties incorporate the EU Standard Contractual Clauses (Module 2 for controller-to-processor transfers; Module 3 for processor-to-processor where applicable), as set out in Commission Implementing Decision 2021/914, with the optional clauses, docking clause, and dispute-resolution forum completed as in Annex 1. The UK International Data Transfer Addendum and Swiss FADP equivalents apply where the underlying transfer originates from those jurisdictions.
9. Data-subject rights
AZMTH will provide Customer with reasonable assistance to respond to data-subject requests (access, rectification, deletion, restriction, portability, objection). Where AZMTH receives a request directly from a data subject, AZMTH will forward it to the Customer without responding to it (except to confirm receipt and direct the data subject to the Customer).
AZMTH provides built-in tools to help Customer respond: per-fan delete with cross-system removal, full-fidelity per-organization data export in JSON, and bulk PII export.
10. Data-protection impact assessments
AZMTH will provide reasonable assistance to Customer with data-protection impact assessments (Art. 35 GDPR) and prior consultations with supervisory authorities (Art. 36), considering the nature of the processing and the information available to AZMTH. Annex 3 provides the baseline information needed for most assessments.
11. Return or deletion
On termination of the Service, AZMTH will, at Customer's choice, delete or return all Customer Personal Data (and delete existing copies) within 30 days of termination, except to the extent retention is required by applicable law. After 30 days, AZMTH will delete by default. Backup copies age out of AZMTH's retention systems within 90 days.
12. Audit rights
AZMTH will make available to Customer all information reasonably necessary to demonstrate compliance with this DPA, including the most recent SOC 2 Type II report (when available), penetration-test summary, and the Annex 3 security overview. On reasonable advance written notice no more than once per year (or more frequently if required by a supervisory authority or following a breach), AZMTH will permit a third-party auditor selected by Customer (and not a competitor of AZMTH) to conduct an audit, at Customer's expense, subject to confidentiality obligations.
13. Liability and conflict
Liability under this DPA is subject to the limitations and exclusions in the Terms of Service. In case of conflict between this DPA and the Terms of Service with respect to the processing of Customer Personal Data, this DPA prevails.
14. Term and changes
This DPA takes effect when Customer accepts it (by signing up for the Service or by clicking through an “I agree” checkbox on the connect-flow consent gate) and remains in effect for the term of the Service. AZMTH may update this DPA on at least 30 days' notice; if the update materially reduces Customer's rights, Customer may terminate within the notice period.
15. Notices
DPA notices to AZMTH: privacy@azmth.app.
DPA notices to Customer: the email on file for the account owner.
16. AI Features and AI Sub-processor
AZMTH offers optional, Customer-invoked AI Features (collectively, “AI Features”) across the Service — for example smart fan segmentation, brand-deal rate-card suggestions, catalog gap analyzers, tour routing, contract reviewers, royalty-statement anomaly checks, release strategy drafts, and image generation for cover art. AI Features are off until Customer invokes them and can be disabled at the organization level in /settings/ai.
16.1 AI Sub-processor
AZMTH uses Anthropic, PBC (San Francisco, California, USA) as the AI Sub-processor that operates the Claude family of large language models used by AI Features. Anthropic is included in the public Sub-processor list at /legal/sub-processors and is bound by the flow-down obligations in Section 7. AZMTH may add or replace AI Sub-processors under the change procedure in Section 7.4.
16.2 Processing activities
When Customer invokes an AI Feature, AZMTH:
- composes a prompt from the inputs Customer pointed the feature at (for example, Customer Personal Data attributes, catalog rows, contract excerpts, brand-kit JSON, or free-text notes);
- transmits the prompt to the AI Sub-processor over an authenticated TLS connection;
- receives the model output (text, structured JSON, or in some features an image) and surfaces it to Customer; and
- writes a metered usage record (feature key, timestamp, organization, model identifier, credits deducted) to its billing systems. The prompt body and model output are not stored in that record.
16.3 Data minimization in AI prompts
AZMTH limits AI prompts to the inputs the feature requires. Specifically, AZMTH does not forward to the AI Sub-processor: fan email addresses, fan phone numbers, payment card numbers (those live in Stripe and never leave Stripe), government-ID numbers, or authentication credentials. Where an AI Feature operates on Customer Personal Data of fans (e.g., smart segmentation), AZMTH forwards only the aggregated attributes the feature requires (such as tier counts, lifecycle-stage distributions, or anonymized tags), never the underlying identifiers.
Customer remains responsible for the lawfulness of inputs it directs AZMTH to feed into an AI Feature (Section 3 instructions), including not submitting special-category personal data (Section 3.5).
16.4 No training on Customer Personal Data
AZMTH does not use Customer Personal Data, AI Feature inputs, or AI Feature outputs to train, fine-tune, or otherwise improve any machine-learning model, and does not provide such data to any third party for that purpose. Anthropic has committed under its commercial API terms not to train its foundation models on traffic from commercial customers.
16.5 Retention by the AI Sub-processor
Under Anthropic's commercial API terms, prompts and outputs are retained by Anthropic only for a short abuse-detection window (currently 30 days, subject to Anthropic's then-current commercial terms) and are then deleted from Anthropic's systems. AZMTH will update the Sub-processor page if the AI Sub-processor materially changes this retention commitment.
16.6 Retention by AZMTH
AZMTH does not maintain a long-term store of AI prompts or AI Outputs. Outputs Customer chooses to save into the Service (for example, a generated cover image saved to a release, a drafted post saved to the content queue) are treated as Customer Personal Data or Customer Content under this DPA and the Terms of Service and follow the deletion rules in Section 11. Short-lived application logs may include prompt or output fragments for up to seven (7) days for debugging. Metered usage records (without prompt body) are retained for the life of the account and then deleted under Section 11.
16.7 International transfers
The AI Sub-processor is established in the United States. Where AI Feature inputs include Customer Personal Data originating in the EEA, UK, or Switzerland, the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, or the Swiss FADP equivalents (as applicable, per Section 8 and Annex 1) cover the transfer to the AI Sub-processor on the same module election as for the rest of the Service.
16.8 Data-subject rights
Where a data subject exercises rights (access, deletion, rectification) over Customer Personal Data that has been processed via an AI Feature, AZMTH's assistance under Section 9 includes: deletion of any AZMTH-side cached AI output tied to that data subject (e.g., per-fan AI summaries described in Section 17), and confirmation of the AI Sub-processor's abuse-window retention policy. Because AZMTH does not store prompts, there is no persistent prompt history to delete on AZMTH's side.
16.9 Advisory nature of AI Outputs
AI Features produce data outputs — drafts, summaries, suggestions, or scored ranks. They are advisory, not legal or financial advice and not decisions. Every action with financial, contractual, distribution, or fan-facing consequences requires Customer's separate, deliberate confirmation. Customer remains responsible for what it does with AI Outputs, including any Customer Personal Data derived from them. See Terms § 8 for the full treatment.
Annex 1 — Standard Contractual Clauses module election
For transfers from the EEA to a country without an adequacy decision, the parties incorporate the EU SCCs (Decision 2021/914) as follows:
- Module 2 (controller-to-processor) where Customer is the controller of the transferred data.
- Module 3 (processor-to-processor) where Customer is itself a processor for an upstream controller and AZMTH acts as Customer's sub-processor.
- Clause 7 (docking clause): not used.
- Clause 9 (sub-processors): Option 2, general written authorization. AZMTH publishes the Sub-processor list at /legal/sub-processors and provides 30 days' advance notice of changes.
- Clause 11(a) (independent dispute resolution): the optional language is not included. Data subjects may bring complaints to the controller or the supervisory authority.
- Clause 17 (governing law): the law of Ireland.
- Clause 18(b) (forum): the courts of Ireland.
- Annex I.A. Data Exporter: Customer.
Data Importer: Elevate Environmental LLC (d/b/a AZMTH), a Florida limited liability company.
Contact for both is the email on file plus privacy@azmth.app for AZMTH.
- Annex I.B. Categories of data subjects, categories of personal data, sensitive data, frequency of transfer, nature, purpose, retention periods, and sub-processor information are described in Sections 3.3, 3.4, and 11 above and in the public Sub-processor list.
- Annex I.C. The competent supervisory authority is the Irish Data Protection Commission.
- Annex II. Technical and organizational measures: see Annex 3 below.
For transfers originating in the United Kingdom, the parties incorporate the UK's International Data Transfer Addendum to the EU SCCs (B.1.0) with the same elections. For Switzerland, the parties incorporate the Swiss FADP equivalents.
Annex 2 — Sub-processors
The current list of AZMTH-engaged Sub-processors is published at /legal/sub-processors. That page is incorporated into this DPA by reference and is updated per Section 7.4 above.
Annex 3 — Technical and organizational measures
Confidentiality
- Postgres Row-Level Security (RLS) enforced on every customer-facing table; cross-tenant reads blocked at the database level
- Role-based access control with a defined permission registry and least-privilege defaults
- PII redaction by default in internal tooling; raw access requires a time-boxed elevation request approved by a Founder or Admin and is fully audit-logged
- Personnel bound by written confidentiality and trained on data-protection responsibilities at hire and annually
Integrity
- TLS 1.2+ in transit; AES-256 at rest
- Webhook signing (HMAC-SHA256) on all incoming webhook deliveries
- Audit log on every staff action against a customer account; logs retained 2 years
Availability and resilience
- Daily encrypted database backups; 90-day rolling retention
- Geographically redundant Postgres replicas
- Documented incident-response runbook and on-call rotation with 24/7 paging on critical alerts
- Tested restore procedures at least quarterly
Access controls
- SSO with mandatory hardware-backed multi-factor authentication for all employees with production access
- Quarterly access reviews; immediate revocation on offboarding
- No long-lived production credentials in source control; secrets stored in a metadata-only registry with rotation tracking
Application security
- Annual third-party penetration test on the public-facing Service
- Automated dependency scanning in CI; high-severity findings patched within 14 days
- Secure-development training for all engineers
- Bug-bounty channel via security@azmth.app
Incident response
- Documented severity matrix (S1–S4); S1 incidents page on-call within 5 minutes
- Customer notification within 72 hours of breach awareness (Section 6 above)
- Post-incident review within 14 days; corrective actions tracked to closure
Vendor management
- Each Sub-processor reviewed for data-protection maturity before onboarding; signed DPA on file
- Annual review of each Sub-processor's SOC 2 / ISO 27001 / equivalent
Pseudonymization, encryption, and minimization
- Encryption at rest (AES-256) for all persisted data, including backups
- Pseudonymization where practical (e.g., fan_external_identities stores opaque platform-side IDs rather than re-deriving identifying values)
- Data-minimization defaults — staff PII access redacted by default, unredacted access is the exception
17. Automated processing — Fan Intelligence System
AZMTH operates a Fan Intelligence System that scores each fan profile from 0–100 and assigns a tier (Casual, Engaged, Superfan, Evangelist) and a lifecycle stage (Discoverer, Casual, Engaged, Superfan, Evangelist, At Risk, Churned, Reactivated). The score is recomputed whenever a fan's underlying activity changes and is used by the Customer (the artist or label) to prioritize outreach, segment messaging, and gate certain perks (e.g., presale ticket access, tier-restricted discount codes).
Inputs to the score
The score is a deterministic, weighted sum of six components:
- Spend (30%) — lifetime spend in the artist's store and on tips/contributions, as a fraction of an industry-calibrated cap.
- Frequency (15%) — total transaction count across merch orders, contributions, and membership renewals.
- Engagement (15%) — weighted average of email open rate, email click rate, and SMS click rate, where signals are available.
- Recency (15%) — bucketed by days since the most recent meaningful event (≤30, ≤90, ≤180, ≤365, >365).
- Advocacy (15%) — blend of fans referred, tip count, and show-attendance count.
- Network (10%) — connector-strength score derived from referrals, group orders, and shared shipping locations with other fans.
Decisions and their effects
The score and tier influence the following Customer-side decisions: which fans appear in segmented messaging campaigns, which fans the Customer is prompted to act on in the "What just happened" activity feed, eligibility for tier-gated perks the Customer chooses to offer (early-bird tickets, discount codes, comp tickets, VIP rewards). The score does not drive any AZMTH-side decision affecting the data subject (we do not refuse service, charge differently, or restrict platform features based on score).
Data subject rights
Under GDPR Art. 22, fans have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects them. Because the score outputs are advisory (the artist retains discretion over every action), AZMTH does not consider the score "solely automated" under Art. 22(1). Nonetheless, fans can:
- Request their current score, tier, lifecycle stage, and a plain-English breakdown of how each component contributed
- Request that any automatically generated AI summary on their record be deleted or reset
- Object to inclusion in tier-gated marketing campaigns
Requests go to privacy@azmth.app with the fan's email and the artist or label they support. We respond within 30 days per GDPR Art. 12.
AI-generated summaries
AZMTH generates a one-paragraph plain-English summary of each fan profile using Anthropic's Claude Haiku model. Summaries draw only on data already present in the fan profile (city, integration sources, transaction history) and are non-PII as displayed (no exact dollar amounts, no email addresses, no phone numbers). Summaries are cached and regenerated nightly or on tier crossings. Anthropic is listed as a Sub-processor on /legal/sub-processors.
Score history retention
Score events (every recomputation, with the breakdown frozen at compute time) are retained for 24 months for transparency and audit, then aggregated and anonymized. Scores can be replayed against any historical formula version so a fan's objection or correction request can be evaluated against the math active at the time.