Data Processing Addendum (DPA)

Effective Date: 1.1.2026

1. Purpose and Scope

This Data Processing Addendum (“DPA”) forms part of the Terms of Service between Btown LLC, operating as TheCEO.ai (“Processor”), and the user or customer (“Controller”).

This DPA governs the processing of Personal Data in connection with TheCEO.ai’s software-as-a-service platform and AI-powered services.

2. Definitions

Capitalized terms not defined in this DPA shall have the meanings set forth in applicable data protection laws, including the General Data Protection Regulation (“GDPR”) and applicable U.S. privacy laws.

• Personal Data: Information relating to an identified or identifiable individual.
• Processing: Any operation performed on Personal Data.
• Controller: The entity determining the purposes and means of Processing.
• Processor: The entity Processing Personal Data on behalf of the Controller.

3. Roles of the Parties

For purposes of this DPA:

• The user or customer is the Controller of Personal Data submitted to the Services.
• Btown LLC (TheCEO.ai) acts as a Processor when Processing Personal Data on behalf of the Controller.

4. Processing Instructions

TheCEO.ai shall process Personal Data only in accordance with:

• The Controller’s documented instructions
• This DPA
• The Terms of Service and Privacy Policy
• Applicable data protection laws

5. Nature and Purpose of Processing

Personal Data is processed for the purpose of providing, maintaining, and improving TheCEO.ai Services, including AI-driven analysis, automation, and platform functionality.

6. Data Security Measures

TheCEO.ai implements commercially reasonable technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

No system is completely secure, and absolute security cannot be guaranteed.

7. Subprocessors

The Controller authorizes TheCEO.ai to engage subprocessors for the provision of the Services (e.g., hosting, analytics, communications).

• Subprocessors are subject to contractual obligations consistent with this DPA.
• TheCEO.ai remains responsible for subprocessors’ compliance.

8. Data Subject Rights

To the extent required by law, TheCEO.ai will assist the Controller in responding to requests from data subjects to exercise their rights, including access, correction, or deletion of Personal Data.

9. Data Retention and Deletion

Personal Data will be retained only as long as necessary to provide the Services or as required by applicable law.

Upon termination of Services, TheCEO.ai may delete or anonymize Personal Data, unless retention is required by law.

10. International Data Transfers

Personal Data may be processed in the United States or other jurisdictions where TheCEO.ai or its subprocessors operate.

Where required, appropriate safeguards will be applied to such transfers.

11. AI and Automated Processing

TheCEO.ai uses artificial intelligence and automated systems to process user inputs and generate outputs.

• Personal Data is not used to train public or third-party AI models.
• Aggregated or anonymized data may be used to improve system performance.
• AI outputs are generated automatically and require human review.

12. Audits

Upon reasonable written request, TheCEO.ai will make available information necessary to demonstrate compliance with this DPA, subject to confidentiality and security considerations.

13. Limitation of Liability

Liability arising out of this DPA is subject to the limitations set forth in the Terms of Service.

14. Governing Law

This DPA shall be governed by and construed in accordance with the laws specified in the Terms of Service.

15. Contact Information

For data protection inquiries, contact:

Email: support@theceo.ai

Last Modified: 2.7.2026