Data Processing Agreement

Last updated: June 11, 2026

Who operates Seedling

The Seedling business management platform (the “Service”) is offered and operated by Seedling Systems LLC, a Domestic Limited Liability Company organized in Hawaii, United States (Hawaii Business Registry File No. 369196 C5).

In these documents, “Seedling” refers to the Service and software product. “We,” “us,” and “our” refer to Seedling Systems LLC. Learn more about the company at https://seedlingsystemsllc.com. Other software products offered by Seedling Systems LLC may be described on that site; each product may have its own terms where applicable.

Overview

This Data Processing Agreement (“DPA”) forms part of the agreement between Seedling Systems LLC (“Processor,” “we,” “us”) and the organization that uses Seedling (“Controller,” “you,” “your”) when we process personal data on your behalf through the Service.

By using Seedling to store or process personal data about your customers, patrons, team members, contacts, or other individuals, you agree to this DPA in addition to our Terms of Use and Privacy Policy.

Roles

  • You (the Organization) decide what personal data to collect, why, and how it is used in your business. You are the data controller (or equivalent under applicable law) for that data.
  • Seedling Systems LLC hosts and processes that data only to provide, secure, and support Seedling on your instructions. We act as a data processor (or service provider) for Organization-controlled data.
  • For your own account registration, billing, platform security, and operation of Seedling itself, Seedling Systems LLC is the controller, as described in our Privacy Policy.

Subject Matter and Duration

We process Organization-controlled personal data to provide the Service, including CRM, invoicing, payments orchestration, digital delivery, bookings, community features, notifications, and related functionality you enable.

Processing continues for the term of your use of the Service and until you delete data or your account/organization, subject to retention described in our Privacy Policy and applicable law.

Your Responsibilities as Controller

You agree to:

  • Have a lawful basis and, where required, obtain consents or provide notices for the personal data you upload or collect through Seedling
  • Provide accurate privacy notices to your customers, patrons, and contacts
  • Honor data subject requests for data you control, using export and deletion tools in the Service where available
  • Not instruct us to process personal data in violation of applicable law
  • Ensure uploaded content (including digital products) is lawful and that you have rights to distribute it

Our Obligations as Processor

We will:

  • Process Organization-controlled personal data only on your documented instructions through use of the Service, unless required by law
  • Ensure personnel authorized to process personal data are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures described in our Privacy Policy
  • Assist you, where reasonably possible, with data subject requests and security inquiries relating to Organization-controlled data
  • Notify you without undue delay if we become aware of a personal data breach affecting Organization-controlled data, where required by law
  • Delete or return Organization-controlled data when you delete it or terminate use of the Service, subject to legal retention requirements and backup cycles described in our Privacy Policy

Subprocessors

You authorize us to use subprocessors to host and operate the Service. Key categories include payment processing (e.g. Stripe, and Square where configured), cloud hosting and storage, email delivery, calendar and authentication providers (e.g. Google where you connect them), optional AI providers you enable (e.g. Anthropic), abuse/policy tooling (e.g. SafeNode), and push notification infrastructure.

We require subprocessors to protect personal data under contractual or equivalent obligations. Material changes to subprocessors will be reflected in our Privacy Policy where appropriate.

International Transfers

Seedling Systems LLC is based in the United States. If you or your data subjects are located outside the United States, personal data may be transferred to and processed in the United States and other countries where we or our subprocessors operate.

Where required by applicable law (including the UK GDPR and EU GDPR), we rely on appropriate safeguards for such transfers, which may include Standard Contractual Clauses or equivalent mechanisms offered by subprocessors, and supplementary measures where appropriate. Contact us using the channels in our Legal Information page if you need further information about transfer mechanisms for your organization.

Audits and Documentation

Upon reasonable written request, we will provide information necessary to demonstrate compliance with this DPA, subject to confidentiality and frequency limits. Formal on-site audits require mutual agreement, reasonable notice, and may be subject to fees unless mandated by law.

Liability and Precedence

Liability arising from processing covered by this DPA is subject to the limitations and indemnities in our Terms of Use. If this DPA conflicts with the Terms regarding processing of Organization-controlled personal data, this DPA controls for that processing.

Contact

Questions about this DPA or data processing requests:

Privacy & legal inquiries

You do not need a Seedling account to contact Seedling Systems LLC. use the contact options on our company website (we do not publish a direct email or street address here to reduce spam and automated scraping).

Seedling Systems LLC — contact

Privacy & legal email

For privacy requests, legal notices, and formal inquiries. Click the address below to copy it (not a mailto link, to deter bots):

Copyright & DMCA notices

To report copyright infringement on Seedling, send a notice with the information listed in our Copyright and Takedown section to the legal email above or through a support ticket if you have an account.

For formal legal service or registered-agent correspondence, consult your counsel on whether a physical address must appear on this product site. By default we route inquiries through the channels above rather than posting addresses or clickable email links.