Quibo
Sign inStart free

Data Processing Agreement

Last updated: May 2026

This Data Processing Agreement ("DPA") forms part of the agreement between you ("Customer", the data controller) and Quibo ("Processor"). It governs the processing of personal data on your behalf when you use our Service. By using Quibo, you accept this DPA; Business and Enterprise customers may request a counter-signed copy.

1. Roles

For personal data Customer submits to the Service (e.g. content authored by Customer's end users, sites' visitor data inferred from connected pages), Customer is the controller and Quibo is the processor. For Customer's own account data (employee email, billing), Quibo is the controller; see the Privacy Policy.

2. Subject matter and duration

The processing covers personal data submitted to the Service for the purpose of generating, scheduling, and publishing content. Processing lasts for the term of the agreement plus retention periods set in our Privacy Policy.

3. Categories of data

  • Identification: email, name (optional).
  • Content provided by Customer: keywords, articles, brand profiles, image references.
  • Connected-site authentication tokens, encrypted.
  • Usage telemetry, audit logs.

4. Sub-processors

Customer authorizes the use of the sub-processors listed at /security#sub-processors. We will give 30 days notice (via email to Owners) before adding a new sub-processor; Customer may object on legitimate grounds, in which case Customer may terminate the affected services.

5. International transfers

Where processing occurs outside the EU/EEA, we rely on the EU Commission's Standard Contractual Clauses (Module 2 — controller to processor) and conduct a transfer impact assessment.

6. Security measures

See /security for the technical and organizational measures we implement.

7. Personal-data breach

We will notify Customer without undue delay (and in any case within 48 hours) after becoming aware of a personal-data breach affecting Customer data, with sufficient information to enable Customer to comply with its own notification obligations.

8. Data subject requests

Customer can self-serve access, deletion, and export from /app/settings/privacy. We will assist Customer in responding to data subject requests, taking into account the nature of the processing.

9. Audits

We provide annual SOC 2-type independent audits to Business and Enterprise customers under NDA. Customer can request additional information by writing to dpo@quibo.cc.

10. Termination

On termination, we delete or return personal data within 30 days of the request, except where retention is required by law (audit logs, tax records).

Signing

Business and Enterprise customers can request a counter-signed PDF version. Email legal@quibo.cc.