1. Introduction

This Data Processing Addendum ("DPA") forms part of the agreement between Snap Launch LLC ("Processor," "we," "us") and the customer ("Controller," "you") governing use of the Rollover Analysis Tool (the "Service"). This DPA applies when we process Customer Information on your behalf through the Service.

2. Definitions

Customer Information: Personal information about your clients that you enter into the Service, including client names, employer names, and account values, as well as your firm and advisor profile information.
Process/Processing: Any operation performed on Customer Information, including collection, storage, retrieval, and deletion.
Subprocessor: A third party engaged by Processor to process Customer Information. Listed at /subprocessors.

3. Processing Details

Subject matter: Rollover analysis software services

Duration: Term of your subscription or account

Nature and purpose: Storage, processing, and display of rollover analysis data; report generation; audit logging

Categories of data: Client names, employer names, account values, analysis parameters, advisor profile data

Data subjects: Your clients and your firm's authorized users

Location: United States

4. Processor Obligations

Processor will:

Process Customer Information only on documented instructions from Controller (your use of the Service constitutes such instructions)
Implement appropriate technical and organizational measures per our Security page and Information Security Policy
Ensure personnel authorized to process Customer Information are bound by confidentiality obligations
Engage Subprocessors only per our Subprocessor list, with equivalent data protection obligations
Assist Controller with data subject requests (access, correction, deletion) via help@rolloveranalysistool.com
Delete or return Customer Information upon termination, subject to legal retention requirements (7-year DOL recordkeeping)
Maintain records of processing activities as described in our Privacy Policy

5. Security Incident Notification

Processor will notify Controller of any breach of security involving Customer Information as soon as possible, and no later than seventy-two (72) hours after Processor becomes aware that such a breach has occurred. Notification will include, to the extent known: nature of the incident, categories of data involved, approximate number of affected records, remediation steps, and a contact for further information. This commitment aligns with SEC Regulation S-P service provider requirements.

6. Subprocessors

Controller authorizes Processor to engage Subprocessors listed at rolloveranalysistool.com/subprocessors. Processor will notify Controller of material changes as described on that page.

7. Controller Obligations

Controller is responsible for: (a) ensuring a lawful basis for processing client data; (b) providing accurate data; (c) enabling MFA and maintaining account security; (d) complying with applicable regulations including SEC, FINRA, and DOL requirements; and (e) designating a compliance contact for security notifications.

8. Acceptance and Execution

By continuing to use the Service after the Effective Date, Controller accepts this DPA. For a countersigned copy for your compliance records, email us with your firm name and compliance contact.

This DPA supplements our Terms of Service and Privacy Policy. In the event of conflict regarding data protection, this DPA controls.