offloadcms

Data Processing Addendum

Last updated: 2026-06-30

Template notice. This is a starting-point policy for the offloadcms storefront. Review and adapt it with qualified counsel before publishing or onboarding with Polar. Bracketed values must be completed.

This summary describes how offloadcms processes personal data on your behalf. A full signable DPA is available on request at [email protected].

01Roles

For the content you publish through the Service, you are the controller and offloadcms is the processor. For account and billing data, offloadcms is the controller.

02Subprocessors

  • Cloudflare — hosting, storage (D1/R2/KV), and delivery.
  • Polar — billing and Merchant of Record.
  • Resend — transactional and magic-link email.

We will give notice of new subprocessors where required.

03Security measures

Encryption in transit, access controls, least-privilege credentials, and logging. See the Privacy Policy for details.

04Data subject requests

We assist you in responding to access, correction, and erasure requests for content processed on your behalf.

05International transfers

Where personal data is transferred across regions, appropriate safeguards such as Standard Contractual Clauses apply.

Questions about this policy? Email [email protected].