New to Boswell? Start your free trial

CLEVER CRAFT, LLC Data Processing Agreement

Last Updated: November 26, 2025

Using This DPA

This DPA has 2 parts: (1) the Key Terms on this Cover Page and (2) the Common Paper DPA Standard Terms Version 1.1 posted at commonpaper.com/standards/data-processing-agreement/1.1 ("DPA Standard Terms"), which is incorporated by reference. If there is any inconsistency between the parts of the DPA, the Cover Page will control over the DPA Standard Terms. Capitalized and highlighted words have the meanings given on the Cover Page. However, if the Cover Page omits or does not define a highlighted word, the default meaning will be "none" or "not applicable" and the correlating clause, sentence, or section does not apply to this DPA. All other capitalized words have the meanings given in the DPA Standard Terms or the Agreement.

Key Terms

The key legal terms of the DPA are as follows:

Agreement

This DPA supplements the following agreement: https://www.boswell.io/terms-of-service

Approved Subprocessors

Name: Amazon Web Services (AWS)
Country of location: United States
Anticipated processing task: Cloud infrastructure and data storage

Name: Heroku
Country of location: United States
Anticipated processing task: Application hosting

Name: Paddle
Country of location: United Kingdom
Anticipated processing task: Payment processing and billing

Name: Google Analytics
Country of location: United States
Anticipated processing task: Website analytics and usage tracking

Name: Fly.io
Country of location: United States
Anticipated processing task: Application hosting and deployment

Name: Backblaze
Country of location: United States
Anticipated processing task: Cloud storage (S3-compatible)

Provider Security Contact

hello@boswell.io

Security Policy

As defined in the Agreement.

Service Provider Relationship

To the extent California Consumer Privacy Act, Cal. Civ. Code ยง 1798.100 et seq ("CCPA") applies, the parties acknowledge and agree that Provider is a service provider and is receiving Personal Data from Customer to provide the Service as agreed in the Agreement and detailed below (see Nature and Purpose of Processing), which constitutes a limited and specified business purpose. Provider will not sell or share any Personal Data provided by Customer under the Agreement. In addition, Provider will not retain, use, or disclose any Personal Data provided by Customer under the Agreement except as necessary for providing the Service for Customer, as stated in the Agreement, or as permitted by Applicable Data Protection Laws. Provider certifies that it understands the restrictions of this paragraph and will comply with all Applicable Data Protection Laws. Provider will notify Customer if it can no longer meet its obligations under the CCPA.

Restricted Transfers
Governing Member State

EEA Transfers: Ireland

UK Transfers: England and Wales

Annex I(A) List of Parties

Data Exporter

  • Name: The Customer signing this DPA
  • Activities relevant to transfer: See Annex 1(B)
  • Role: Controller

Data Importer

  • Name: The Provider signing this DPA
  • Contact person: Brandon Casci, Owner
  • Address: 165 Middlesex Ave #1222, Somerville, MA 02145
  • Activities relevant to transfer: See Annex 1(B)
  • Role: Processor
Annex I(B) Description of Transfer and Processing Activities

Service

The Service is: Boswell client management platform

Categories of Data Subjects

Customer's end users or customers

Categories of Personal Data

  • Name
  • Contact information such as email, phone number, or address
  • Transactional information such as account information or purchases
  • Location information

Special Category Data

Is special category data (as defined in Article 9 of the GDPR) Processed? Yes

Special Category Data Restrictions or Safeguards: See Security Policy

Frequency of Transfer

Continuous

Nature and Purpose of Processing

  • Receiving data, including collection, accessing, retrieval, recording, and data entry
  • Holding data, including storage, organization, and structuring
  • Using data, including analysis, consultation, testing, automated decision making, and profiling
  • Protecting data, including restricting, encrypting, and security testing
  • Returning data to the data exporter or data subject

Duration of Processing

Provider will process Customer Personal Data as long as required (i) to conduct the Processing activities instructed in Section 2.2(a)-(d) of the Standard Terms; or (ii) by Applicable Laws.

Annex I(C) Competent Supervisory Authority

The supervisory authority will be the supervisory authority of the data exporter, as determined in accordance with Clause 13 of the EEA SCCs or the relevant provision of the UK Addendum.

Annex II Technical and Organizational Security Measures

See Security Policy

Signature

Provider and Customer have not changed the DPA Standard Terms except for the details on the Cover Page above. By signing this Cover Page, each party agrees to enter into this DPA as of the last date of signature below.

PROVIDER: CLEVER CRAFT, LLC

Legal Notice Address:
165 Middlesex Ave #1222, Somerville, MA 02145