Amplifi Logo

Data Processing Addendum

Effective Date: March 23, 2026 | Disruptive Technologies, LLC

1. Introduction

This Data Processing Addendum ("DPA") forms part of the agreement between Disruptive Technologies, LLC ("Processor") and the subscribing entity ("Controller") for use of the Amplifi platform. This DPA governs the processing of personal data by the Processor on behalf of the Controller.

2. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person, as defined under applicable data protection laws.
  • "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
  • "Controller" means the entity that determines the purposes and means of processing Personal Data (typically, the Amplifi subscriber).
  • "Processor" means Disruptive Technologies, LLC, acting on instructions from the Controller.
  • "Sub-processor" means any third party engaged by the Processor to process Personal Data on its behalf.

3. Scope of Processing

The Processor will process Personal Data only as necessary to provide the Amplifi platform and related services, strictly in accordance with documented instructions from the Controller. The categories of Personal Data processed may include:

  • Business contact information (name, email, title, organization)
  • Loan application data and supporting financial documents
  • Borrower information uploaded by the Controller
  • Platform usage and activity logs

4. Controller's Responsibilities

The Controller represents and warrants that:

  • It has a lawful basis for collecting and processing Personal Data.
  • It has provided all necessary notices and obtained all required consents from data subjects.
  • Its instructions to the Processor comply with applicable data protection laws.

5. Processor's Obligations

The Processor agrees to:

  • Process Personal Data only on the documented instructions of the Controller.
  • Implement appropriate technical and organizational security measures.
  • Ensure that all personnel with access to Personal Data are subject to confidentiality obligations.
  • Notify the Controller without undue delay upon becoming aware of a Personal Data breach.
  • Assist the Controller in responding to data subject rights requests.
  • Delete or return all Personal Data to the Controller upon termination of services, as instructed.

6. Sub-processors

The Processor may engage third-party sub-processors to assist in delivering the services. The Processor will enter into written agreements with all sub-processors that impose data protection obligations no less stringent than those set forth in this DPA. A list of current sub-processors is available upon request at legal@amplifi.io.

7. International Data Transfers

If Personal Data is transferred outside of the jurisdiction in which it was collected, the Processor will ensure that such transfers are made in accordance with applicable data protection laws, including through the use of appropriate safeguards such as standard contractual clauses where required.

8. Security

The Processor maintains industry-standard security measures including, but not limited to:

  • Encryption of data in transit and at rest
  • Access controls and role-based permissions
  • Regular security assessments and vulnerability management
  • Incident response and breach notification procedures

9. Data Retention and Deletion

The Processor will retain Personal Data for the duration of the service agreement. Upon termination or upon written request from the Controller, the Processor will delete or anonymize Personal Data within 90 days, except where retention is required by applicable law.

10. Audit Rights

The Controller may request evidence of the Processor's compliance with this DPA, including by reviewing applicable certifications, audit reports, or other documentation. The Processor will cooperate with reasonable audit requests.

11. Liability

Each party's liability under this DPA is subject to the limitations set forth in the applicable subscription agreement or Terms of Service between the parties.

12. Governing Law

This DPA is governed by the laws of the State of Florida.

13. Contact

Data protection inquiries: legal@amplifi.io