Data Processing Agreement (Template)

Enterprise DPA template for organizers using FollowTo as a processor. Last updated: March 2026.

← Back to FollowTo

This Data Processing Agreement (“DPA”) template describes how Mantra Solventure(“Processor”, “FollowTo”) processes personal data on behalf of Enterprise customers (“Controller”, “Organizer”) when they use the FollowTo platform to host communities and events. A countersigned copy is available on request for Enterprise plans.

1. Roles

  • Controller: The organizer who determines purposes and means of processing attendee and member personal data collected through their community and events.
  • Processor: FollowTo, which hosts, stores, and transmits personal data solely on documented instructions from the Controller.

2. Subject matter and duration

Processing covers account, community, event, and RSVP data submitted through FollowTo for the term of the Controller's subscription and until deletion in accordance with this DPA and the Privacy Policy.

3. Processor obligations

  • Process personal data only on documented instructions from the Controller.
  • Ensure persons authorized to process data are bound by confidentiality obligations.
  • Implement appropriate technical and organizational measures (encryption in transit and at rest, access controls, audit logging for deletions).
  • Assist the Controller with data subject requests (access, correction, erasure, portability) using in-product controls and privacy@followto.io.
  • Notify the Controller without undue delay after becoming aware of a personal data breach affecting Controller data.
  • Delete or return personal data at the end of services, subject to legal retention requirements.

4. Sub-processors

FollowTo uses sub-processors listed in our Privacy Policy (including Turso for database hosting, Resend for transactional email, Paddle and PayU for payments). We will inform Enterprise customers of material sub-processor changes.

5. International transfers

Where personal data is transferred outside the Controller's jurisdiction, FollowTo relies on appropriate safeguards such as standard contractual clauses or equivalent mechanisms as required by applicable law.

6. Audits and documentation

Enterprise customers may request reasonable documentation of security practices and deletion receipts. Organizers on Enterprise can view a deletion audit log in the dashboard and configure attendee data retention per community. See our security readiness page for SOC 2 and ISO 27001 posture. On-site audits may be arranged subject to mutual agreement and confidentiality.

7. Request a signed DPA

To receive a countersigned DPA for your organization, contact privacy@followto.io or our contact page with your company name, billing email, and Enterprise community details.

Contact

Mantra Solventure
FE-3, 3rd Floor, Shivaji Enclave
Delhi
India - 110027
Data protection contact: privacy@followto.io