limbo/ takes data protection seriously. Here is the short version for clients and partners. The full Data Processing Agreement (DPA) stays private and is signed with the client contract.
- Our roles. For your own account and our relationship with you, we are the controller. For the personal data inside your catalog and platform (your artists, payees, sub-accounts), we act as your processor and follow your instructions.
- DPA. Clients receive a Data Processing Agreement as part of onboarding, compliant with GDPR art. 28. A copy is available on request.
- Hosting and sub-processors. We host on Amazon Web Services and use a limited set of vetted providers, each under written data-protection terms. A current sub-processor list is available to clients on request.
- International transfers. Where data moves outside the EEA, we rely on Standard Contractual Clauses with supplementary measures where needed.
- Security. Access controls and least privilege, two-factor authentication, encryption in transit, logging and monitoring, and vendor due diligence.
- Breaches. We notify affected clients without undue delay and assist with regulatory and data-subject obligations.
Data-protection questions and DPA requests: info@limbomusic.com.