Data Processing Agreement (DPA)

    Last updated: March 19, 2026

    This Data Processing Agreement (“DPA”) is between Weeny (“Processor”) and you, the user of our Service (“Controller”). This DPA is incorporated into and forms part of the Weeny Terms of Service.

    1. Definitions

    • Data Protection Laws: Means all applicable laws relating to data protection and privacy, including the UK GDPR and the Data Protection Act 2018.
    • Controller, Processor, Data Subject, Personal Data, Personal Data Breach, and Processing: Have the meanings given to them in the Data Protection Laws.
    • Service: The link shortening, Teeny Pages, Weeny Forms, and analytics provided by Weeny.

    2. Scope and Purpose of Processing

    The Processor will process Personal Data on behalf of the Controller solely to provide the Service. This includes:

    • Managing and redirecting links.
    • Hosting landing pages (Teeny Pages).
    • Collecting and storing form submissions (Weeny Forms).
    • Providing performance analytics.

    The types of Personal Data processed include names, email addresses, and any other information the Controller chooses to collect via Weeny Forms.

    3. Obligations of the Processor

    Weeny (the Processor) agrees to:

    • Instructions: Process Personal Data only on documented instructions from the Controller (including these Terms and the DPA).
    • Confidentiality: Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality.
    • Security: Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk (e.g., HTTPS encryption, secure database access).
    • Breach Notification: Notify the Controller without undue delay after becoming aware of a Personal Data Breach.
    • Assistance: Assist the Controller in fulfilling their obligations to respond to requests for exercising Data Subject rights.

    4. Obligations of the Controller

    The Controller (you) agrees to:

    • Comply with all Data Protection Laws in your use of the Service.
    • Ensure you have a valid legal basis (e.g., consent) for collecting and processing the Personal Data of your end-users through Weeny’s tools.
    • Provide clear privacy notices to your end-users.

    5. Sub-processing

    The Controller grants general authorization to the Processor to engage sub-processors. Our current sub-processors include:

    • AWS (Amazon Web Services): Infrastructure and data storage.
    • Vercel: Hosting and deployment.
    • Stripe: Payment processing.
    • PostHog: Product analytics.

    The Processor will ensure that any sub-processor is bound by data protection obligations no less protective than those in this DPA.

    6. International Data Transfers

    Personal Data may be processed in the UK, EEA, or other countries where our sub-processors maintain facilities. We ensure that any such transfers comply with Data Protection Laws (e.g., using Standard Contractual Clauses or the UK International Data Transfer Agreement).

    7. Data Deletion

    Upon termination of the Service, the Processor shall, at the choice of the Controller, delete or return all Personal Data, unless legal obligations require continued storage.

    8. Liability

    Each party’s liability under this DPA is subject to the limitations of liability set out in the Weeny Terms of Service.

    9. Governing Law

    This DPA is governed by the laws of the United Kingdom.

    By using the Weeny Service, you agree to the terms of this Data Processing Agreement.

    We use cookies to enhance your experience.