Cause Shield — Data Processing Agreement

01Parties and definitions

The “Customer” is the legal entity identified in the order form (“[Customer Legal Name]”). Cause Shield is the “Processor”. “Personal Data” means donor data and any other personal data the Customer instructs Cause Shield to process. “Data Subjects” are donors, supporters, event registrants, and the Customer’s authorised users.

02Subject matter and duration

Cause Shield processes Personal Data on behalf of the Customer for fraud detection, uptime monitoring, traffic analytics, and security scanning, for the duration of the Customer’s subscription to the Cause Shield service.

03Nature and purpose

Processing activities include fraud scoring of donation events, classification of inbound webhook payloads, alerting on suspicious activity, dashboarding of aggregated metrics, and generation of plain-English summary emails and security reports.

04Categories of data

• SHA-256 hashed donor email address and donor name (per-organisation pepper).
• Donation amount, currency, and timestamp.
• IP-derived country code (raw IP is dropped after derivation).
• User-agent fingerprint hash.
• Transaction metadata from Stripe and donation-platform webhooks.
• Customer staff email address and authentication identity (via Clerk).

05Categories of data subjects

• Donors and supporters of the Customer.
• Event registrants of the Customer.
• The Customer’s authorised users (staff, volunteers, board, auditors).

06Obligations of the Processor (Cause Shield)

Cause Shield will:

• Process Personal Data only on the Customer’s documented instructions.
• Ensure personnel authorised to process Personal Data are bound by confidentiality obligations.
• Implement appropriate technical and organisational security measures, including TLS 1.2+ in transit, AES-256 at rest, per-organisation Row Level Security on every Postgres table holding customer data, append-only audit logging, and least-privilege access controls.
• Notify the Customer in writing before adding or replacing a sub-processor, giving the Customer an opportunity to object on reasonable grounds.
• Notify the Customer without undue delay and in any event within 72 hours of becoming aware of a Personal Data breach.
• On termination of the agreement, return or delete all Personal Data held on behalf of the Customer at the Customer’s election.

07Sub-processors

Cause Shield engages the sub-processors listed at causeshield.com/trust#sub-processors. That page is the authoritative, version-stamped list. Each sub-processor is bound by contractual obligations no less protective than those in this DPA.

08International transfers

Personal Data is hosted in AWS us-east-1. Australian-residency hosting (Supabase Sydney region) is available as a separate-project option on request. For Customers in the European Economic Area or the United Kingdom, the EU Standard Contractual Clauses (Module Two: Controller-to-Processor) are incorporated by reference and form part of this DPA.

09Audits and inspections

Subject to confidentiality undertakings, the Customer may, on reasonable prior written notice and not more than once per calendar year, audit Cause Shield’s compliance with this DPA at the Customer’s expense. Cause Shield will respond to reasonable written security questionnaires in lieu of on-site audits where practical.

10Term and termination

This DPA is coterminous with the Customer’s subscription. On termination, Cause Shield will, at the Customer’s election, return or delete Personal Data within 30 days, subject to retention required by law.

11Liability and governing law

This DPA is governed by the laws of [Governing Jurisdiction], and the parties submit to the exclusive jurisdiction of the courts of [Governing Jurisdiction]. Each party’s aggregate liability arising out of or in connection with this DPA is capped at the fees paid by the Customer to Cause Shield in the twelve months preceding the event giving rise to the liability, except for liability that cannot be excluded by law.

Plain English: We are a small Australian company. This DPA is good-faith starter language. A qualified lawyer in your jurisdiction should review before counter-signature for high-stakes deployments.