Data Processing Agreement

This Data Processing Agreement (DPA) governs the processing of personal data of NSFW Money members in connection with services rendered to campaign clients. Phase A operates with internal campaigns only; this DPA reserves the framework for Phase B external clients.

• Member: data subject · Filipino individual whose data is processed.
• NSFW Money: data controller · determines purpose and means of processing.
• Sub-processors: Supabase, Vercel, Xendit, Resend · listed in Privacy Policy.

See Privacy Policy section 2 for the full enumeration. Summary:

• Identity (name, ID image, selfie, phone)
• Demographics (gender, location, interests)
• Behavioral (tasks, submissions, proofs)
• Device + IP (anonymized hashes)
• Financial (payout destination, earnings)

• Lawfulness: explicit member consent at signup, plus contract performance basis.
• Purpose limitation: data used only for stated purposes.
• Data minimization: we collect only what is required for KYC, anti-fraud, and payout dispatch.
• Storage limitation: retention per Privacy Policy section 4.
• Integrity and confidentiality: encryption at rest, signed URLs for proof access, RLS for cross-user isolation.

• All data at rest in Supabase is encrypted with database-level keys managed by Supabase.
• KYC document images stored in private Supabase Storage bucket. Access only via signed URLs with 1-hour TTL.
• Row-Level Security (RLS) policies enforce member isolation: members cannot read other members' data.
• Admin access limited to specific staff members via granular permission system (admin_permissions).
• All admin actions logged in append-only audit_log.
• Wallet ledger is append-only (no UPDATE or DELETE).
• Access tokens rotated quarterly. Service role keys never exposed to client.
• Webhook endpoints verify HMAC signatures before processing.

• Supabase · Postgres + Storage + Auth, eu-west-1 (Ireland)
• Vercel · Edge runtime + serverless functions, multi-region with primary in iad1 (US East)
• Xendit · payment dispatch, Singapore + Manila
• Resend · transactional email, US East
• Cloudflare · DNS and bot mitigation, global edge

[TBD: counsel to verify each sub-processor has a current DPA with NSFW Money on file before Phase B launch.]

Data may be transferred outside the Philippines (to EU, US, Singapore) for processing by sub-processors. Each transfer is covered by adequate protection mechanisms per NPC guidelines. Members consent to these transfers at signup.

NSFW Money supports the following member requests within statutory deadlines:

• Access · full data export within 15 days
• Correction · within 7 days for non-KYC fields, 30 days for KYC
• Deletion · 30-day reversible window, then irreversible anonymization
• Objection / withdrawal of consent · within 7 days

If we discover a personal data breach affecting members:

• NPC notification within 72 hours of discovery, per RA 10173.
• Affected members notified by email within 72 hours.
• Public disclosure if more than 100 members affected.

This DPA is effective as long as NSFW Money processes member data. Upon platform shutdown, members are notified 30 days in advance, all balances cashed out, and data retained only as required by law.