CClinch← Back to home

Legal

Data Processing Addendum

Last updated: June 17, 2026

This Data Processing Addendum (“DPA”) is part of the Terms of Service between Nicolas Yenikomshian (Emerald Solutions, a sole proprietorship) (“Clinch,” “Processor”) and the business customer (“Customer,” “Controller”) and applies to Clinch’s processing of Personal Data on the Customer’s behalf. If there is a conflict on data-protection matters, this DPA controls.

1. Definitions

“Personal Data,” “Controller,” “Processor,” “Processing,” and “Data Subject” have the meanings under applicable data protection laws (including the CCPA/CPRA and, where applicable, the GDPR). “Customer Personal Data” means Personal Data within Customer Data that Clinch processes on the Customer’s behalf.

2. Roles & scope

The Customer is the Controller and Clinch is the Processor. Clinch processes Customer Personal Data only to provide the Service and on the Customer’s documented instructions (the Terms, the Order Form, and use of the Service), unless required by law.

3. Customer obligations

The Customer warrants it has a lawful basis and all necessary rights, notices, and consents to provide Customer Personal Data and to instruct Clinch to process it, and that its instructions comply with law.

4. Clinch obligations

Clinch will process only as instructed; ensure personnel with access are bound by confidentiality; implement appropriate security measures (Section 6); not sell Customer Personal Data; and assist the Customer, given the nature of processing, with security, breach notification, data-subject requests, and impact assessments, as applicable.

5. Sub-processors

The Customer authorizes Clinch to use sub-processors (for example: AI model provider, database and application hosting, authentication). Clinch imposes data-protection obligations substantially as protective as this DPA, remains responsible for their performance, makes the current list available on request, and gives reasonable notice of new sub-processors so the Customer may object on reasonable grounds.

6. Security measures

Clinch maintains industry-standard measures appropriate to the risk: encryption in transit and at rest; logical tenant isolation; role-based, least-privilege access; and logging and monitoring. Measures may evolve but will not materially decrease overall protection during the term.

7. Personal-data breach

Clinch will notify the Customer without undue delay after becoming aware of a breach affecting Customer Personal Data and provide information reasonably available to help the Customer meet its obligations.

8. Data-subject requests

Where legally required and technically feasible, Clinch will assist the Customer in responding to data-subject requests. If Clinch receives such a request directly, it will refer the Data Subject to the Customer.

9. International transfers

Where data is transferred across borders, the parties will rely on a lawful transfer mechanism as required by law. Clinch operates primarily in the United States.

10. Deletion & return

On termination, Clinch will delete or return Customer Personal Data within a commercially reasonable period as described in the Terms, except where retention is required by law.

11. Audits

On reasonable written request, no more than once per year, Clinch will provide information reasonably necessary to demonstrate compliance, subject to confidentiality and minimizing disruption.

12. Liability

Each party’s liability under this DPA is subject to the limitations of liability in the Terms.

13. Contact

Data-protection questions: emeraldsolutions2026@gmail.com — Nicolas Yenikomshian (Emerald Solutions, a sole proprietorship), operating Clinch.

This page is a plain-language posting of our data processing addendum. The version attached to a signed Order Form is the controlling document. Questions? Email emeraldsolutions2026@gmail.com.