Bucephus Logo
bucephus.com
Analytics with Intelligence
Tournament
Schedule
Match Center
48 Nations
Early Access
Legal & Compliance Directory

Data Processing Agreement (DPA)

Last Updated: June 13, 2026Entity: Bucephus Inc.

1. Scope & Purpose

This Data Processing Agreement (“DPA”) governs the processing of personal data by Bucephus Inc. (“Processor”), a Delaware corporation, on behalf of our users, developers, and corporate partners (“Controller”) in connection with the prediction and tournament analytics services offered via bucephus.com.

This agreement ensures that our data handling complies with GDPR Article 28 requirements and other global data protection standards.

2. Controller & Processor Roles

The parties acknowledge and agree that:

  • The user or partner acts as the **Data Controller**, determining the categories of wagers, predictions, and inputs submitted to the platform.
  • Bucephus Inc. acts as the **Data Processor**, handling database storage, ELO calculations, and report rendering based on the Controller's active usage.

3. Processor Obligations

Bucephus Inc. agrees to the following obligations:

  1. Instructions: Process personal data only on documented instructions from the Controller (which include using platform controls).
  2. Confidentiality: Ensure that all personnel authorized to handle personal data are bound by strict confidentiality obligations.
  3. Security Measures: Implement technical and organizational measures to safeguard data against accidental loss, alterations, or unauthorized disclosure.

4. Authorized Sub-processors

The Controller grants general authorization for the Processor to engage sub-processors (such as Stripe, Clerk, and Supabase) to deliver platform systems.

We bind all sub-processors to data protection obligations no less restrictive than those in this DPA. We will publish updates to our sub-processor directory on the Privacy Policy page.

5. Security Breach Notification

In the event of a confirmed security breach leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of Controller personal data:

Bucephus Inc. will notify the Controller without undue delay, and in any event, within 72 hours of becoming aware of the breach.

Notifications will contain details on the nature of the breach, compromised categories, and mitigation steps taken.

6. Audit & Review Rights

Processor will provide Controller with all reasonable information necessary to demonstrate compliance with this DPA. Controller possesses the right to request annual compliance reports or audit summaries verified by independent security assessors.

Contact Legal: legal@bucephus.com