Kinn.gg Logo
Features
Solutions
PricingAbout US
Log InStart for FreeStart for Free

Data Processing Agreement (DPA)

Effective Date: March 15, 2025
Last Updated: October 15, 2025
Company: WASD Corporation (dba “Kinn”)
Contact: support@kinn.gg

1. Introduction

This Data Processing Agreement (“Agreement”) forms part of the Terms of Service or any other agreement between WASD Corporation (“Processor”, “Kinn”, “we”, “us”) and the customer (“Controller”, “you”, “your”) who uses Kinn, our web-based feedback analytics platform for video game studios.

This Agreement governs the processing of personal data by Kinn on behalf of the Controller in compliance with applicable privacy laws, including the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA) as amended by the CPRA.

2. Definitions

For purposes of this Agreement:

  • “Personal Data” means any information relating to an identified or identifiable natural person.
  • “Processing” means any operation performed on Personal Data, such as collection, recording, storage, alteration, or deletion.
  • “Controller” means the entity that determines the purposes and means of processing.
  • “Processor” means the entity that processes Personal Data on behalf of the Controller.
  • “Subprocessor” means any third party engaged by the Processor to assist in processing activities.
  • “Applicable Laws” means all relevant data protection laws, including GDPR, UK GDPR, and CCPA/CPRA.

3. Scope and Purpose of Processing

Processor agrees to process Personal Data solely for the following purposes:

  • To provide and maintain the Kinn platform and related services.
  • To analyze and improve product performance.
  • To fulfill contractual obligations with the Controller.
  • To comply with applicable legal requirements.

Processor shall not process Personal Data for any purpose other than those stated above or as otherwise instructed in writing by the Controller.

4. Roles and Responsibilities

  • Controller Responsibilities:
    The Controller is responsible for ensuring that the collection and processing of Personal Data comply with all applicable data protection laws.
  • Processor Responsibilities:
    The Processor will process Personal Data only on documented instructions from the Controller, maintain appropriate security measures, and assist the Controller in fulfilling its legal obligations regarding data subjects’ rights.

5. Subprocessors

Processor may engage subprocessors to perform limited processing activities.
As of the effective date, Processor uses the following subprocessors:

SubprocessorPurposeLocationRenderHosting and infrastructureUnited StatesAmazon Web Services (AWS)File and media storageUnited StatesStripePayment processingUnited StatesPostHogAnalytics and user event trackingUnited States / EUGoogleAnalytics and advertisingGlobalPostmarkTransactional and notification emailsUnited StatesOpenAILanguage model analysis for feedback insightsUnited States

Processor will ensure that each subprocessor provides at least the same level of data protection as required by this Agreement. The Processor shall inform the Controller of any intended changes to subprocessors and provide the Controller with the opportunity to object.

6. Data Handling and Deletion

Processor’s handling, retention, and deletion of data are governed by the Data Handling & Deletion Policy.
Upon termination of services or upon written request from the Controller, the Processor will delete or return all Personal Data within sixty (60) days, except where retention is required by law.

7. International Data Transfers

Processor is based in the United States.
When processing Personal Data originating from the European Economic Area (EEA) or the United Kingdom, Processor shall ensure appropriate safeguards are in place, such as the EU Standard Contractual Clauses (SCCs) and UK Addendum, to maintain an adequate level of data protection.

8. Security Measures

Processor shall implement and maintain appropriate technical and organizational measures to protect Personal Data, including:

  • Data encryption in transit and at rest
  • Access controls and authentication procedures
  • Regular security assessments and vulnerability testing
  • Data minimization and anonymization where feasible
  • Incident detection and response mechanisms

Additional details are outlined in the Processor’s internal Security Policy, available upon request.

9. Data Subject Rights

Processor shall assist the Controller in fulfilling obligations related to data subject rights, including access, correction, deletion, objection, and portability.
Any data subject request received directly by the Processor will be forwarded to the Controller without undue delay.

10. Audit and Compliance

Upon written request and with reasonable notice, Controller may audit Processor’s compliance with this Agreement once per year.
Audits shall not unreasonably interfere with Processor’s operations and may be satisfied through independent third-party certifications or documentation.

11. Confidentiality

Processor shall ensure that all personnel with access to Personal Data are bound by appropriate confidentiality obligations and are trained in data protection principles.

12. Security Breach Notification

In the event of a confirmed personal data breach, Processor shall notify the Controller without undue delay and provide sufficient information to allow the Controller to meet any reporting obligations under Applicable Laws.

13. Liability and Indemnification

Each party’s liability under this Agreement shall be limited to the extent permitted by Applicable Laws and the underlying master agreement between the parties.

14. Term and Termination

This Agreement remains in effect for as long as the Processor processes Personal Data on behalf of the Controller or until termination of the services.
Upon termination, Processor shall delete all Personal Data in accordance with Section 6.

15. Governing Law

This Agreement is governed by the laws of the State of Idaho, United States, without regard to its conflict of law principles.
For EU data subjects, this Agreement shall also be interpreted in accordance with the GDPR.

16. Contact

For questions about this Agreement or data protection practices, please contact:

WASD Corporation
1775 W State St #166
Boise, ID 83702, USA
Email: support@kinn.gg

Features
Bug Reporting & ManagementFeedback TopicsVideo & Streaming Analysis
Solutions
For Community ManagersFor Product Teams
Company
About UsContact
Product
Pricing
Kinn.gg Logo
Copyright @2025 Kinn.gg
PrivacyTermsData HandlingData Processing Agreement