Data Processing Agreement
This Data Processing Agreement (“DPA”) governs how Mission Control processes customer data in connection with the platform and related services.
Last Updated: May 8, 2026
1. Overview
Mission Control acts as a data processor for customer data processed through the platform. Customers determine the data they connect, upload, submit, or generate through Mission Control, and Mission Control processes that data to provide, secure, maintain, and support the services.
2. Scope of Processing
Processing may include the collection, hosting, transmission, organization, analysis, retrieval, generation, deletion, and protection of customer data required to operate Mission Control. This may include:
- Account information used to create, administer, and secure user access.
- Multi-factor authentication, trusted device, session, and security event records used to protect accounts.
- Connected social platform data from authorized integrations.
- Campaign and analytics data used for reporting and operational visibility.
- Ecommerce, CRM, payment, email marketing, and workflow data from authorized integrations.
- Uploaded content submitted by users for workspace collaboration or analysis.
- AI-generated outputs created through platform features.
- Support communications related to service delivery and issue resolution.
3. Categories of Data
Customer data processed by Mission Control may include:
- Identifiers.
- Email addresses.
- Phone numbers used for account security where provided.
- Usage data.
- Session, device, MFA, and audit log metadata.
- Connected platform metadata.
- Connected reporting, analytics, ecommerce, CRM, advertising, payment, and workflow data.
- Billing information.
- Content submitted by users.
4. Purpose of Processing
Mission Control processes customer data for limited business purposes tied to providing and operating the services, including:
- Providing platform functionality and connected reporting workflows.
- Authentication, required multi-factor verification, trusted device management, account access, and user permission management.
- Analytics, measurement, and service performance monitoring, subject to cookie consent controls described in the Cookie Policy where applicable.
- Customer support, troubleshooting, and account communications.
- Infrastructure security, abuse prevention, logging, and audit readiness.
- Data export, account deletion, workspace deletion, and retention workflows.
- AI-assisted features that summarize, classify, generate, or recommend operational actions.
5. Security Measures
Mission Control maintains administrative, technical, and organizational safeguards designed to protect customer data. Measures include encrypted connections using HTTPS/TLS, required multi-factor authentication, email and SMS verification where available, trusted device controls, active session review and revocation, recent-MFA checks for sensitive actions, role-based access controls, least-privilege access practices, encrypted OAuth tokens and connector credentials, monitoring and logging, infrastructure protections, backup controls, incident response workflows, and vendor management for service providers that support the platform.
6. Subprocessors
Mission Control may use vetted subprocessors to provide infrastructure, analytics, communications, payments, AI functionality, customer operations, and authorized connector reporting services such as Mailchimp. Mission Control maintains a current list of subprocessors at /legal/subprocessors, with cookie-specific vendor context in the Cookie Policy.
7. International Transfers
Customer data may be processed in the United States and through approved subprocessors that support Mission Control operations. Where required, Mission Control relies on appropriate contractual, technical, and organizational safeguards for cross-border processing.
8. Data Retention
Customer data is retained only as long as necessary for operational, legal, and security purposes. Retention periods may depend on the customer relationship, account status, backup practices, audit requirements, dispute resolution, and applicable law.
Deleted user and owner-level account records are soft-deleted first and are configured for permanent purge after 30 days, unless a longer period is required for legal, security, billing, backup, dispute, or abuse-prevention reasons. Eligible owners and admins may delete additional workspaces when an account has more than one workspace.
9. Customer Rights
Customers and authorized users may request access, correction, deletion, portability, or withdrawal of consent where applicable. Users may download an account data export from profile settings and may request account deletion where available. Mission Control may verify the request and coordinate with the customer account owner or administrator when requests relate to workspace data controlled by a customer organization.
10. Incident Notification
Mission Control will notify affected customers of confirmed security incidents involving customer data as required by law and consistent with applicable contractual obligations.
11. Contact Information
For privacy, data protection, or DPA inquiries, contact support@stranded.me.