Data Processing Addendum
Last updated: June 3, 2026
How This Addendum Applies
This Data Processing Addendum ("DPA") is Boondoggle's standard customer data-processing addendum. It applies only when it is incorporated into an order form, master services agreement, cloud services agreement, online terms, or other written agreement between Boondoggle and a customer.
If a signed agreement between Boondoggle and a customer includes a different data-processing addendum, that signed addendum controls for the covered customer account.
Roles
For personal data submitted to Boondoggle by or on behalf of a customer, the customer is generally the controller, business, or equivalent decision-maker, and Boondoggle is generally the processor, service provider, or equivalent service provider. Boondoggle may act as an independent controller for limited account, website, billing, security, and business operations data as described in our Privacy Policy.
Customer Instructions
Boondoggle will process customer personal data only to provide, secure, support, and improve the service; operate customer-enabled integrations; comply with law; and follow documented customer instructions in the applicable agreement. The customer is responsible for ensuring it has the rights, notices, permissions, and lawful bases required to provide personal data to Boondoggle.
Processing Details
| Subject matter | Providing Boondoggle as a live operations workspace for high-touch events. |
|---|---|
| Duration | The term of the applicable customer agreement, plus any lawful retention or deletion period. |
| Data subjects | Customer users, sponsor contacts, attendees, companions, vendors, event staff, and other people included in customer event records. |
| Personal data | Names, contact details, organization and role information, event participation, lodging and activity selections, dietary or accommodation details, billing metadata, files, support messages, audit records, and integration metadata. |
| Processing activities | Hosting, storing, transmitting, displaying, securing, supporting, analyzing, troubleshooting, deleting, exporting, and otherwise processing customer data to provide Boondoggle. |
Confidentiality and Security
Boondoggle will require personnel who access customer personal data to protect it in confidence. Boondoggle will maintain reasonable technical and organizational measures designed to protect customer personal data against unauthorized access, loss, misuse, alteration, and disclosure. More detail is available on our Security page.
Subprocessors
Customer authorizes Boondoggle to use subprocessors to provide the service. Boondoggle remains responsible for its subprocessors' performance of Boondoggle's obligations under this DPA. Our current public list is available on the Subprocessors page.
Where required by an applicable agreement, Boondoggle will provide notice of material subprocessor changes and an opportunity to object as stated in that agreement.
Assistance
Taking into account the nature of the processing and the information available to Boondoggle, Boondoggle will provide reasonable assistance with customer obligations related to data-subject requests, security, breach notifications, data protection impact assessments, and regulator consultations where required by applicable law and the customer agreement.
Deletion and Return
On written request after termination or expiration of the applicable agreement, Boondoggle will delete or return customer personal data within a reasonable period, unless retention is required by law, needed for legitimate business records, or maintained in backups until ordinary backup expiration.
Audits
Boondoggle will provide reasonable information needed to demonstrate compliance with this DPA. Any customer audit must be scoped, confidential, scheduled in advance, and conducted in a way that does not compromise Boondoggle security, other customers' data, or normal service operations.
International Transfers
Boondoggle operates from the United States and may use subprocessors in the United States and other countries. Where transfer safeguards are required by applicable data protection law, the parties will use the applicable standard contractual clauses or other legally recognized transfer mechanism.
U.S. State Privacy Laws
- Boondoggle will not sell customer personal data submitted through the service.
- Boondoggle will not share customer personal data for cross-context behavioral advertising unless the customer has enabled a feature or integration that requires it and appropriate notices and choices are in place.
- Boondoggle will process customer personal data only for permitted business purposes under the applicable agreement.
- Boondoggle will not retain, use, or disclose customer personal data outside the direct business relationship except as permitted by law.
Conflict
If this DPA conflicts with the applicable customer agreement, this DPA controls only for the processing of covered personal data. The applicable customer agreement controls all other matters.
Contact
To request a signed DPA or discuss a customer-specific data-processing requirement, contact hello@boondoggle.events.