BE-TRUTH
Data Processing Agreement (DPA)
DATA PROCESSING AGREEMENT (DPA)
Effective Date: March 25, 2026
Last Updated: March 25, 2026
This Data Processing Agreement ("DPA" or "Agreement") is entered into between AXIUM SYSTEMS GROUP LLC, a Wyoming limited liability company, located at 30 N Gould St, STE R, Sheridan, WY 82801, USA ("Processor," "Company," or "BE-TRUTH"), and the entity or individual that has accepted the BE-TRUTH Terms of Service and installed BE-TRUTH plugins on their website ("Controller" or "Operator"). Together referred to as the "Parties."
RECITALS
The Controller engages the Processor to provide rating, sharing, comments, review, and related plugin services as a web service ("Services") as described in the BE-TRUTH Terms of Service at https://be-truth.com/terms-of-service ("Main Agreement").
In the course of providing the Services, the Processor may process personal data on behalf of the Controller, acting as a Data Processor within the meaning of Article 28 of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and as a Service Provider under the California Consumer Privacy Act (CCPA).
The Parties wish to document the terms and conditions governing the Processor's handling of personal data on behalf of the Controller.
By accepting the BE-TRUTH Terms of Service, the Controller also accepts the terms of this DPA.
1. DEFINITIONS
"GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
"UK GDPR" means the GDPR as retained in UK law by the European Union (Withdrawal) Act 2018.
"CCPA" means the California Consumer Privacy Act of 2018 (California Civil Code section 1798.100 et seq.), as amended by the California Privacy Rights Act (CPRA).
"Personal Data" means any information relating to an identified or identifiable natural person, as defined under applicable data protection law.
"Processing" means any operation or set of operations performed on personal data, whether or not by automated means.
"Controller / Business" means the Operator — the entity or individual that determines the purposes and means of processing personal data of their website visitors through BE-TRUTH plugins.
"Processor / Service Provider" means AXIUM SYSTEMS GROUP LLC — the entity that processes personal data only on documented instructions from the Controller.
"Sub-Processor" means any third party engaged by the Processor to process personal data in the context of providing the Services to the Controller.
"Independent Controller Sub-Processors" means third-party payment service providers (Stripe, Paddle, and Polar) that process personal data of Operators for billing purposes independently as data controllers, not as sub-processors acting on the Company's behalf with respect to End User data.
"Data Subject" means the natural person to whom personal data relates — primarily End Users visiting the Operator's website.
"Standard Contractual Clauses" or "SCCs" means the standard contractual clauses for the transfer of personal data to third countries adopted by the European Commission under Implementing Decision (EU) 2021/914.
"UK IDTA" means the UK International Data Transfer Agreement issued by the UK Information Commissioner's Office.
"Supervisory Authority" means the competent data protection authority in the relevant jurisdiction.
2. SCOPE AND RELATIONSHIP OF THE PARTIES
2.1 Role of the Parties
For the purpose of processing personal data of End Users visiting the Controller's website through BE-TRUTH plugins, the Controller (Operator) is the data controller or business, and the Processor (BE-TRUTH) is the data processor or service provider, processing personal data solely on the Controller's behalf.
2.2 Processing on Instructions
The Processor shall process personal data only on documented instructions from the Controller, including with regard to transfers of personal data to a third country or international organization, except where processing is required by applicable law, in which case the Processor shall, to the extent permitted by law, inform the Controller of that legal requirement before processing.
2.3 Clarification on Payment Processor Roles
Stripe, Inc., Paddle.com Market Limited, Paddle.com, Inc., and Polar Software, Inc. process personal data of Operators (and their representatives) solely in connection with subscription billing for the BE-TRUTH Services. In that capacity, these entities act as independent data controllers with respect to their billing and payment processing activities and are NOT sub-processors of the Processor for purposes of this DPA. These entities do not process personal data of the Operator's End Users in their capacity as payment service providers to the Company.
3. SUBJECT MATTER AND NATURE OF PROCESSING
Subject matter: Processing of personal data necessary for providing BE-TRUTH plugin services on the Controller's website.
Nature of processing: Collection, recording, storage, organization, retrieval, use, disclosure, and deletion of personal data.
Purpose of processing: Providing rating, sharing, comments, and review plugin functionality; calculating rating scores; detecting and preventing fraudulent rating activity; displaying interaction statistics in the Operator's admin panel.
Duration: For the duration of the Main Agreement, plus the applicable data retention periods set out in Section 8 of this DPA.
Types of personal data processed: IP addresses (full or truncated); user session identifiers and tokens; plugin interaction data (ratings submitted, sharing events, page interactions); browser type, version, and operating system; device type; user role (Site Owner, Registered User, Unregistered User).
Categories of data subjects: End Users visiting the Controller's website who interact with BE-TRUTH plugins.
4. PROCESSOR'S OBLIGATIONS
4.1 Confidentiality
The Processor shall ensure that all persons authorized to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
4.2 Technical and Organizational Security Measures
The Processor shall implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk presented by the processing, including: encryption of personal data in transit using TLS/SSL and at rest using industry-standard encryption protocols; measures to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services; ability to restore the availability and access to personal data in a timely manner following a physical or technical incident; and a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of processing.
4.3 Approved Sub-Processors
The Controller provides general written authorization for the Processor to engage the following categories of sub-processors for the purposes indicated.
Cloud infrastructure and hosting provider: providing server hosting, storage, and content delivery infrastructure, located in the USA or EU depending on configuration.
Email delivery service provider: providing transactional and automated email delivery, located in the USA.
Analytics platform: providing aggregated website and service usage analytics for internal improvement purposes, located in the USA.
Customer support platform: providing support ticket and communication management, located in the USA.
The specific identities of sub-processors in each category are available upon written request to hello@be-truth.com.
4.4 Changes to Sub-Processors
The Processor shall notify the Controller of any intended addition or replacement of a sub-processor by updating the sub-processor list and providing at least thirty (30) days' advance notice before the new sub-processor begins processing. The Controller may object to the addition or replacement within fourteen (14) days of receiving notice by submitting written objection to hello@be-truth.com. If the Parties cannot resolve the objection within thirty (30) days, either Party may terminate the Main Agreement with respect to the affected Services upon written notice, without liability for the termination itself.
4.5 Sub-Processor Obligations
The Processor shall impose data protection obligations equivalent to those in this DPA on all approved sub-processors through binding written agreements and shall remain liable to the Controller for the performance of those obligations to the extent that the Processor itself would be liable.
4.6 Assistance to Controller
The Processor shall, to the extent technically feasible and taking into account the nature of the processing, assist the Controller by appropriate technical and organizational measures in fulfilling the Controller's obligation to respond to Data Subject rights requests. The Processor shall promptly notify the Controller if it receives a request from a Data Subject directly, without responding to that request unless authorized by the Controller.
4.7 Data Protection Impact Assessments
The Processor shall provide reasonable assistance to the Controller in carrying out data protection impact assessments (DPIAs) and prior consultations with supervisory authorities where such assessments or consultations are required under applicable data protection law and relate to the processing performed under this DPA.
5. PERSONAL DATA BREACH NOTIFICATION
In the event of a personal data breach affecting personal data processed under this DPA, the Processor shall notify the Controller without undue delay and in any event within seventy-two (72) hours of becoming aware of the breach. The notification shall include, to the extent available at the time: a description of the nature of the breach, including the categories and approximate number of data subjects affected and the categories and approximate volume of personal data records affected; the likely consequences of the breach; and the measures taken or proposed to address the breach.
Where the Processor cannot provide all information simultaneously, it shall provide available information promptly and supplement it as further details become available. The Processor shall document all personal data breaches in accordance with applicable law.
6. CONTROLLER'S OBLIGATIONS AND RESPONSIBILITIES
6.1 Lawfulness of Instructions
The Controller warrants and represents that: (a) it has a lawful basis under applicable data protection law for instructing the Processor to process personal data on its behalf; (b) its instructions to the Processor will at all times comply with applicable data protection law; and (c) it has provided all required notices and disclosures to, and obtained all required consents from, the relevant Data Subjects as required by applicable law.
6.2 Cookie Consent
Where the Controller's use of BE-TRUTH plugins involves the setting of cookies or other tracking technologies that require consent under applicable law (including the EU ePrivacy Directive and GDPR), the Controller is solely responsible for implementing a compliant cookie consent mechanism on its website that covers the use of BE-TRUTH plugin cookies. The Controller shall not permit BE-TRUTH plugins to set consent-required cookies before obtaining valid consent from the relevant End User.
6.3 Indemnification for Unlawful Instructions
The Controller shall indemnify and hold harmless the Processor and its members, managers, officers, and employees from and against all claims, losses, costs, fines, and penalties arising from or related to any processing the Processor performs based on the Controller's instructions where such instructions violate applicable data protection law.
7. INTERNATIONAL DATA TRANSFERS
7.1 Transfers from EEA to USA
Where personal data of EEA data subjects is transferred from the Controller to the Processor (located in the USA), the Parties agree that such transfer shall be governed by the Standard Contractual Clauses (SCCs) adopted by the European Commission under Implementing Decision (EU) 2021/914, Module 2 (Controller to Processor). The SCCs are incorporated by reference into this DPA.
For the purposes of Annex I to the SCCs: (a) the data exporter is the Controller (Operator) as described in their BE-TRUTH account; (b) the data importer is AXIUM SYSTEMS GROUP LLC; (c) the categories of data subjects and personal data, the nature and purpose of processing, and the retention period are as described in Section 3 of this DPA; and (d) the competent supervisory authority is the authority in the EEA country where the Controller is established, or the Irish Data Protection Commission where no supervisory authority applies directly.
For the purposes of Annex II to the SCCs, the technical and organizational security measures are those described in Section 4.2 of this DPA.
7.2 Transfers from UK to USA
Where personal data of UK data subjects is transferred, the Parties agree that such transfer shall be governed by either: (a) the UK International Data Transfer Agreement (UK IDTA) issued by the UK ICO, incorporated by reference; or (b) the UK Addendum to the EU SCCs (approved by the UK ICO), as applicable. The Parties agree to enter into the relevant transfer documentation promptly upon request by either Party.
7.3 Sub-Processor Transfers
The Processor shall ensure that any transfer of personal data to an approved sub-processor in a third country is governed by the same or equivalent data transfer safeguards as those in this Section.
8. RETENTION AND DELETION
Upon termination of the Main Agreement or upon written request from the Controller, the Processor shall, at the Controller's election, either delete or return all personal data processed under this DPA, and delete all existing copies thereof, unless applicable law requires continued storage. The Processor shall complete deletion or return within thirty (30) calendar days of receiving the Controller's written request or the termination date, whichever is earlier, and shall certify completion in writing upon request.
Default data retention periods applied in the absence of specific Controller instructions are as follows. Plugin interaction data is retained for the duration of the Controller's active account and for five (5) years thereafter. IP addresses (full) are retained in server logs for up to twelve (12) months in active storage and up to three (3) years in backup storage, after which they are permanently deleted or anonymized. User session tokens are retained for the duration of the session plus up to thirty (30) days.
9. AUDIT RIGHTS
The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations set out in this DPA and shall allow for and contribute to audits and inspections conducted by the Controller or an auditor mandated by the Controller.
Prior to any audit, the Controller shall provide at least thirty (30) days' written notice to the Processor. Audits shall be conducted during normal business hours, no more frequently than once per calendar year, in a manner that does not unreasonably disrupt the Processor's operations. The Controller shall bear the costs of any audit unless the audit reveals a material breach of this DPA by the Processor.
10. LIMITATION OF LIABILITY UNDER THIS DPA
Each Party's liability under this DPA is subject to the limitations set forth in the Main Agreement (Terms of Service), except where such limitations are prohibited by applicable data protection law. In particular, the aggregate liability cap set forth in the Terms of Service applies to claims arising under this DPA. This limitation does not apply to the Controller's indemnification obligation under Section 6.3 for unlawful processing instructions.
11. TERM AND TERMINATION
This DPA is effective as of the date the Controller accepts the BE-TRUTH Terms of Service and remains in effect for the duration of the Main Agreement. This DPA terminates automatically upon termination of the Main Agreement, subject to survival of provisions relating to data deletion (Section 8), audit (Section 9), and international transfer mechanisms (Section 7) to the extent necessary to complete post-termination obligations.
12. GOVERNING LAW AND JURISDICTION
This DPA is governed by the laws of the State of Wyoming, United States of America, without prejudice to mandatory provisions of applicable EU or UK data protection law that cannot be contractually displaced.
13. CONTACT
For data protection inquiries under this DPA, contact:
AXIUM SYSTEMS GROUP LLC
30 N Gould St, STE R
Sheridan, WY 82801, USA
Email: hello@be-truth.com
Copyright 2026 AXIUM SYSTEMS GROUP LLC. All rights reserved.
Effective Date: March 25, 2026
Last Updated: March 25, 2026
This Data Processing Agreement ("DPA" or "Agreement") is entered into between AXIUM SYSTEMS GROUP LLC, a Wyoming limited liability company, located at 30 N Gould St, STE R, Sheridan, WY 82801, USA ("Processor," "Company," or "BE-TRUTH"), and the entity or individual that has accepted the BE-TRUTH Terms of Service and installed BE-TRUTH plugins on their website ("Controller" or "Operator"). Together referred to as the "Parties."
RECITALS
The Controller engages the Processor to provide rating, sharing, comments, review, and related plugin services as a web service ("Services") as described in the BE-TRUTH Terms of Service at https://be-truth.com/terms-of-service ("Main Agreement").
In the course of providing the Services, the Processor may process personal data on behalf of the Controller, acting as a Data Processor within the meaning of Article 28 of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and as a Service Provider under the California Consumer Privacy Act (CCPA).
The Parties wish to document the terms and conditions governing the Processor's handling of personal data on behalf of the Controller.
By accepting the BE-TRUTH Terms of Service, the Controller also accepts the terms of this DPA.
1. DEFINITIONS
"GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
"UK GDPR" means the GDPR as retained in UK law by the European Union (Withdrawal) Act 2018.
"CCPA" means the California Consumer Privacy Act of 2018 (California Civil Code section 1798.100 et seq.), as amended by the California Privacy Rights Act (CPRA).
"Personal Data" means any information relating to an identified or identifiable natural person, as defined under applicable data protection law.
"Processing" means any operation or set of operations performed on personal data, whether or not by automated means.
"Controller / Business" means the Operator — the entity or individual that determines the purposes and means of processing personal data of their website visitors through BE-TRUTH plugins.
"Processor / Service Provider" means AXIUM SYSTEMS GROUP LLC — the entity that processes personal data only on documented instructions from the Controller.
"Sub-Processor" means any third party engaged by the Processor to process personal data in the context of providing the Services to the Controller.
"Independent Controller Sub-Processors" means third-party payment service providers (Stripe, Paddle, and Polar) that process personal data of Operators for billing purposes independently as data controllers, not as sub-processors acting on the Company's behalf with respect to End User data.
"Data Subject" means the natural person to whom personal data relates — primarily End Users visiting the Operator's website.
"Standard Contractual Clauses" or "SCCs" means the standard contractual clauses for the transfer of personal data to third countries adopted by the European Commission under Implementing Decision (EU) 2021/914.
"UK IDTA" means the UK International Data Transfer Agreement issued by the UK Information Commissioner's Office.
"Supervisory Authority" means the competent data protection authority in the relevant jurisdiction.
2. SCOPE AND RELATIONSHIP OF THE PARTIES
2.1 Role of the Parties
For the purpose of processing personal data of End Users visiting the Controller's website through BE-TRUTH plugins, the Controller (Operator) is the data controller or business, and the Processor (BE-TRUTH) is the data processor or service provider, processing personal data solely on the Controller's behalf.
2.2 Processing on Instructions
The Processor shall process personal data only on documented instructions from the Controller, including with regard to transfers of personal data to a third country or international organization, except where processing is required by applicable law, in which case the Processor shall, to the extent permitted by law, inform the Controller of that legal requirement before processing.
2.3 Clarification on Payment Processor Roles
Stripe, Inc., Paddle.com Market Limited, Paddle.com, Inc., and Polar Software, Inc. process personal data of Operators (and their representatives) solely in connection with subscription billing for the BE-TRUTH Services. In that capacity, these entities act as independent data controllers with respect to their billing and payment processing activities and are NOT sub-processors of the Processor for purposes of this DPA. These entities do not process personal data of the Operator's End Users in their capacity as payment service providers to the Company.
3. SUBJECT MATTER AND NATURE OF PROCESSING
Subject matter: Processing of personal data necessary for providing BE-TRUTH plugin services on the Controller's website.
Nature of processing: Collection, recording, storage, organization, retrieval, use, disclosure, and deletion of personal data.
Purpose of processing: Providing rating, sharing, comments, and review plugin functionality; calculating rating scores; detecting and preventing fraudulent rating activity; displaying interaction statistics in the Operator's admin panel.
Duration: For the duration of the Main Agreement, plus the applicable data retention periods set out in Section 8 of this DPA.
Types of personal data processed: IP addresses (full or truncated); user session identifiers and tokens; plugin interaction data (ratings submitted, sharing events, page interactions); browser type, version, and operating system; device type; user role (Site Owner, Registered User, Unregistered User).
Categories of data subjects: End Users visiting the Controller's website who interact with BE-TRUTH plugins.
4. PROCESSOR'S OBLIGATIONS
4.1 Confidentiality
The Processor shall ensure that all persons authorized to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
4.2 Technical and Organizational Security Measures
The Processor shall implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk presented by the processing, including: encryption of personal data in transit using TLS/SSL and at rest using industry-standard encryption protocols; measures to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services; ability to restore the availability and access to personal data in a timely manner following a physical or technical incident; and a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of processing.
4.3 Approved Sub-Processors
The Controller provides general written authorization for the Processor to engage the following categories of sub-processors for the purposes indicated.
Cloud infrastructure and hosting provider: providing server hosting, storage, and content delivery infrastructure, located in the USA or EU depending on configuration.
Email delivery service provider: providing transactional and automated email delivery, located in the USA.
Analytics platform: providing aggregated website and service usage analytics for internal improvement purposes, located in the USA.
Customer support platform: providing support ticket and communication management, located in the USA.
The specific identities of sub-processors in each category are available upon written request to hello@be-truth.com.
4.4 Changes to Sub-Processors
The Processor shall notify the Controller of any intended addition or replacement of a sub-processor by updating the sub-processor list and providing at least thirty (30) days' advance notice before the new sub-processor begins processing. The Controller may object to the addition or replacement within fourteen (14) days of receiving notice by submitting written objection to hello@be-truth.com. If the Parties cannot resolve the objection within thirty (30) days, either Party may terminate the Main Agreement with respect to the affected Services upon written notice, without liability for the termination itself.
4.5 Sub-Processor Obligations
The Processor shall impose data protection obligations equivalent to those in this DPA on all approved sub-processors through binding written agreements and shall remain liable to the Controller for the performance of those obligations to the extent that the Processor itself would be liable.
4.6 Assistance to Controller
The Processor shall, to the extent technically feasible and taking into account the nature of the processing, assist the Controller by appropriate technical and organizational measures in fulfilling the Controller's obligation to respond to Data Subject rights requests. The Processor shall promptly notify the Controller if it receives a request from a Data Subject directly, without responding to that request unless authorized by the Controller.
4.7 Data Protection Impact Assessments
The Processor shall provide reasonable assistance to the Controller in carrying out data protection impact assessments (DPIAs) and prior consultations with supervisory authorities where such assessments or consultations are required under applicable data protection law and relate to the processing performed under this DPA.
5. PERSONAL DATA BREACH NOTIFICATION
In the event of a personal data breach affecting personal data processed under this DPA, the Processor shall notify the Controller without undue delay and in any event within seventy-two (72) hours of becoming aware of the breach. The notification shall include, to the extent available at the time: a description of the nature of the breach, including the categories and approximate number of data subjects affected and the categories and approximate volume of personal data records affected; the likely consequences of the breach; and the measures taken or proposed to address the breach.
Where the Processor cannot provide all information simultaneously, it shall provide available information promptly and supplement it as further details become available. The Processor shall document all personal data breaches in accordance with applicable law.
6. CONTROLLER'S OBLIGATIONS AND RESPONSIBILITIES
6.1 Lawfulness of Instructions
The Controller warrants and represents that: (a) it has a lawful basis under applicable data protection law for instructing the Processor to process personal data on its behalf; (b) its instructions to the Processor will at all times comply with applicable data protection law; and (c) it has provided all required notices and disclosures to, and obtained all required consents from, the relevant Data Subjects as required by applicable law.
6.2 Cookie Consent
Where the Controller's use of BE-TRUTH plugins involves the setting of cookies or other tracking technologies that require consent under applicable law (including the EU ePrivacy Directive and GDPR), the Controller is solely responsible for implementing a compliant cookie consent mechanism on its website that covers the use of BE-TRUTH plugin cookies. The Controller shall not permit BE-TRUTH plugins to set consent-required cookies before obtaining valid consent from the relevant End User.
6.3 Indemnification for Unlawful Instructions
The Controller shall indemnify and hold harmless the Processor and its members, managers, officers, and employees from and against all claims, losses, costs, fines, and penalties arising from or related to any processing the Processor performs based on the Controller's instructions where such instructions violate applicable data protection law.
7. INTERNATIONAL DATA TRANSFERS
7.1 Transfers from EEA to USA
Where personal data of EEA data subjects is transferred from the Controller to the Processor (located in the USA), the Parties agree that such transfer shall be governed by the Standard Contractual Clauses (SCCs) adopted by the European Commission under Implementing Decision (EU) 2021/914, Module 2 (Controller to Processor). The SCCs are incorporated by reference into this DPA.
For the purposes of Annex I to the SCCs: (a) the data exporter is the Controller (Operator) as described in their BE-TRUTH account; (b) the data importer is AXIUM SYSTEMS GROUP LLC; (c) the categories of data subjects and personal data, the nature and purpose of processing, and the retention period are as described in Section 3 of this DPA; and (d) the competent supervisory authority is the authority in the EEA country where the Controller is established, or the Irish Data Protection Commission where no supervisory authority applies directly.
For the purposes of Annex II to the SCCs, the technical and organizational security measures are those described in Section 4.2 of this DPA.
7.2 Transfers from UK to USA
Where personal data of UK data subjects is transferred, the Parties agree that such transfer shall be governed by either: (a) the UK International Data Transfer Agreement (UK IDTA) issued by the UK ICO, incorporated by reference; or (b) the UK Addendum to the EU SCCs (approved by the UK ICO), as applicable. The Parties agree to enter into the relevant transfer documentation promptly upon request by either Party.
7.3 Sub-Processor Transfers
The Processor shall ensure that any transfer of personal data to an approved sub-processor in a third country is governed by the same or equivalent data transfer safeguards as those in this Section.
8. RETENTION AND DELETION
Upon termination of the Main Agreement or upon written request from the Controller, the Processor shall, at the Controller's election, either delete or return all personal data processed under this DPA, and delete all existing copies thereof, unless applicable law requires continued storage. The Processor shall complete deletion or return within thirty (30) calendar days of receiving the Controller's written request or the termination date, whichever is earlier, and shall certify completion in writing upon request.
Default data retention periods applied in the absence of specific Controller instructions are as follows. Plugin interaction data is retained for the duration of the Controller's active account and for five (5) years thereafter. IP addresses (full) are retained in server logs for up to twelve (12) months in active storage and up to three (3) years in backup storage, after which they are permanently deleted or anonymized. User session tokens are retained for the duration of the session plus up to thirty (30) days.
9. AUDIT RIGHTS
The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations set out in this DPA and shall allow for and contribute to audits and inspections conducted by the Controller or an auditor mandated by the Controller.
Prior to any audit, the Controller shall provide at least thirty (30) days' written notice to the Processor. Audits shall be conducted during normal business hours, no more frequently than once per calendar year, in a manner that does not unreasonably disrupt the Processor's operations. The Controller shall bear the costs of any audit unless the audit reveals a material breach of this DPA by the Processor.
10. LIMITATION OF LIABILITY UNDER THIS DPA
Each Party's liability under this DPA is subject to the limitations set forth in the Main Agreement (Terms of Service), except where such limitations are prohibited by applicable data protection law. In particular, the aggregate liability cap set forth in the Terms of Service applies to claims arising under this DPA. This limitation does not apply to the Controller's indemnification obligation under Section 6.3 for unlawful processing instructions.
11. TERM AND TERMINATION
This DPA is effective as of the date the Controller accepts the BE-TRUTH Terms of Service and remains in effect for the duration of the Main Agreement. This DPA terminates automatically upon termination of the Main Agreement, subject to survival of provisions relating to data deletion (Section 8), audit (Section 9), and international transfer mechanisms (Section 7) to the extent necessary to complete post-termination obligations.
12. GOVERNING LAW AND JURISDICTION
This DPA is governed by the laws of the State of Wyoming, United States of America, without prejudice to mandatory provisions of applicable EU or UK data protection law that cannot be contractually displaced.
13. CONTACT
For data protection inquiries under this DPA, contact:
AXIUM SYSTEMS GROUP LLC
30 N Gould St, STE R
Sheridan, WY 82801, USA
Email: hello@be-truth.com
Copyright 2026 AXIUM SYSTEMS GROUP LLC. All rights reserved.
No reason to wait
Sign up and start using our plugins today!
ॐ © 2026 Be-truth
AXIUM SYSTEMS GROUP LLC
AXIUM SYSTEMS GROUP LLC
Plugins
- Rating plugin
- Sharing plugin
- Comments plugin
- Review plugin
- Secret service
Manage cookies
Cookie Settings
Cookies necessary for the correct operation of the site are always enabled.
Other cookies are configurable.
Other cookies are configurable.