Data Processing Addendum

You (the pet care business) are the data controller for your clients' and pets' personal data. Nuzzo is the data processor, handling that data on your behalf and under your instructions.

We process personal data solely to operate the Service — scheduling, report cards, payments, notifications, and portal access. We don't use your customers' data for any other purpose and we never share it with unauthorized third parties.

A full list is in our Privacy Policy. We'll notify you at least 30 days before adding or changing a subprocessor that handles personal data. You can object in writing; if we can't find a mutually acceptable path, you can cancel and receive a pro-rated refund.

We maintain technical and organizational measures appropriate to the data we hold: encryption in transit and at rest, Argon2id password hashing, scoped multi-tenancy, rate limiting, and audit-log trails. Full security posture available on request.

If one of your clients (a data subject) makes a request to access / correct / delete their data, contact us at the address below and we'll assist you in fulfilling it within the timeline your jurisdiction requires.

We'll notify you without undue delay (and within 72 hours where required by law) of any personal data breach affecting your account, with the nature of the breach, the data types involved, and the steps we're taking.

Data is primarily stored in the United States via our hosting subprocessors. Where international transfers are required, we rely on Standard Contractual Clauses and the EU–US Data Privacy Framework as applicable.

Email hello@nuzzo.pet with your business details and we'll return a counter-signed DPA within three business days.