New · HOT 100 RADAR 주간 예측 업데이트 Smart Link — Melon · Genie · Bugs · FLO · VIBE 자동 연결 RADIO RADAR · 1,345 stations 모니터링 Spotify RADAR · 73개국 일간 차트 Newsroom PR · 6개 언어 자동 번역 New · HOT 100 RADAR 주간 예측 업데이트 Smart Link — Melon · Genie · Bugs · FLO · VIBE 자동 연결 RADIO RADAR · 1,345 stations 모니터링 Spotify RADAR · 73개국 일간 차트 Newsroom PR · 6개 언어 자동 번역
Legal Center

Data Processing Agreement

Last updated: 2026-06-22 (KST) · Effective: 2026-06-17

한국어
This document is provided in Korean and English. In case of any conflict, the English version prevails.

This Data Processing Agreement ("DPA") forms part of the Terms of Service between the Customer and TAEON Branding Agency Pte. Ltd. ("Processor") and applies where the Processor processes personal data on the Customer's behalf. The Customer acts as controller (or equivalent), and SOUND.RADAR acts as processor, in respect of personal data of fans, business contacts, demo recipients, team members and other data subjects that the Customer enters into or processes through the Service.

1. Subject Matter and Roles

The Processor processes personal data only to provide the Service and on the Customer's documented instructions (including the Terms and the Customer's use of features). The Customer is responsible for the lawful basis, notices and consents for personal data it provides.

2. Purpose and Duration

Processing is carried out for the purpose of operating the Service (smart links, campaigns, reminders, analytics, demo sharing, newsroom, reward/receipt gates, AI features) for the duration of the Customer's use of the Service and any wind-down period.

3. Categories of Data and Data Subjects

Data subjects: fans/visitors, email subscribers, business contacts, demo recipients, press/PR inquirers, support requesters, and Customer team members. Data categories: contact details, email, analytics signals, receipt/verification data, demo access logs, and other data the Customer chooses to process.

4. Customer Obligations and Warranties

The Customer warrants that it has a lawful basis and all necessary notices/consents to provide and have processed the personal data of fans, business contacts, demo recipients and others, and that its instructions comply with applicable law. The Customer must not provide sensitive, children's, health, financial or government-identifier data without our prior written consent.

5. Processor Obligations

  • Process personal data only on documented instructions and as needed to provide the Service.
  • Ensure persons authorised to process are bound by confidentiality.
  • Apply appropriate technical and organisational measures (see Annex B and our Security Policy).
  • Assist the Customer, taking into account the nature of processing, with data-subject requests and with security, breach-notification and impact-assessment obligations.
  • Notify the Customer without undue delay after becoming aware of a personal-data breach affecting the Customer's data.
  • At the Customer's choice, delete or return personal data at the end of the services, subject to legal retention.
  • Make available information necessary to demonstrate compliance and allow for reasonable audits.

6. Sub-processors (Annex A)

The Customer authorises the use of sub-processors to provide the Service, including: Stripe (payments), Bunny CDN/Stream (media), our email provider (SMTP/Resend/Mailgun), Liveblocks (collaboration), Dynadot (domains), Cloudflare (security/geo), Google Safe Browsing (URL safety), Slack (support notifications), Meta/TikTok (per-link pixels/CAPI) and a geolocation fallback. We impose data-protection obligations on sub-processors and remain responsible for their performance. We will give notice of intended additions or replacements.

7. International Transfers

Where personal data is transferred outside Singapore or the data subject's jurisdiction, we apply contractual or equivalent safeguards (e.g. Standard Contractual Clauses) to ensure a comparable standard of protection.

8. Technical and Organisational Measures (Annex B)

One-way password hashing, optional 2FA, encryption in transit (HTTPS/TLS), access controls and role-based permissions, CSRF protection, bot/abuse protection, signed payment webhooks, hashing of analytics identifiers, audit logging, and minimisation of raw IP for public-page analytics. See our Security Policy.

9. Data-Subject Requests and Termination

We will assist the Customer in responding to data-subject requests (access, correction, deletion, portability, objection) as described in our Subject Access Request guidance. On termination, personal data is deleted or returned subject to legal retention.

10. Contact

To request a signed DPA or raise data-processing questions: contact@taeon.one.

© 2026 TAEON Branding Agency Pte. Ltd. · SOUND.RADAR · Legal Center · Home