Data Processing Addendum
This Data Processing Addendum ("DPA") forms part of the Terms of Service or other written or electronic agreement between Cinematic Apps, Inc., a California corporation based in Burbank, CA ("Cinematic Apps", “Line Budgeter”, "we," "us," or "our") and the entity agreeing to these terms ("Customer," "you," or "your") for the use of Line Budgeter services (the "Agreement") to reflect the parties' agreement with regard to the processing of Personal Data.
Last Updated: February 22, 2026
1. DEFINITIONS
1.1 The following definitions apply in this DPA:
“Controller” means the entity which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
“Customer Data” means any data that Customer uploads, submits, or otherwise provides to Cinematic Apps, Inc. in connection with Customer’s use of the Services.
“Data Protection Laws” means all applicable laws and regulations relating to the processing of Personal Data and privacy, including but not limited to the GDPR, UK GDPR, CCPA, CPRA, and other applicable data protection laws.
“Data Subject” means the identified or identifiable person to whom Personal Data relates.
“GDPR” means the General Data Protection Regulation (EU) 2016/679.
“Personal Data” means any information contained within Customer Data that relates to an identified or identifiable natural person.
“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.
“Processor” means the entity which processes Personal Data on behalf of the Controller.
“Sub-processor” means any third party engaged by Cinematic Apps, Inc. to process Personal Data on behalf of Customer.
2. RELATIONSHIP OF THE PARTIES
2.1 The parties acknowledge and agree that with regard to the processing of Personal Data, Customer is the Controller and Line Budgeter is the Processor.
2.2 Each party will comply with the obligations applicable to it under Data Protection Laws. Customer shall ensure that its instructions for the processing of Personal Data comply with Data Protection Laws.
3.1 Line Budgeter shall process Personal Data only:
(a) on documented instructions from Customer, unless required to do so by applicable law;
(b) for the purposes described in Schedule 1; and
(c) in accordance with the terms of this DPA.
3.2 Cinematic Apps shall immediately inform Customer if, in Cinematic Apps’s opinion, an instruction infringes Data Protection Laws.
4. CUSTOMER’S PROCESSING OF PERSONAL DATA
4.1 Customer warrants that it has all necessary rights to provide Personal Data to Cinematic Apps and has provided all necessary notices and obtained all consents required under Data Protection Laws.
5. PERSONNEL & SECURITY
5.1 Cinematic Apps., Inc. shall ensure that its personnel engaged in the processing of Personal Data are bound by appropriate confidentiality obligations.
5.2 Cinematic Apps shall implement and maintain appropriate Technical and Organizational Measures (TOMs) to ensure a level of security appropriate to the risks, as detailed in Schedule 3.
6. SUB-PROCESSORS
6.1 Customer consents to Cinematic Apps engaging Sub-processors (listed in Schedule 2), provided that Cinematic Apps ensures any Sub-processor is bound by data protection obligations equivalent to this DPA and remains fully liable for their acts.
6.2 Cinematic Apps shall provide Customer with at least 30 days’ prior written notice of any intended changes to Sub-processors. If Customer reasonably objects, Customer may terminate the affected Services.
7.1 Cinematic Apps shall promptly notify Customer if it receives a request from a Data Subject and shall not respond except on the documented instructions of Customer.
7.2 Cinematic Apps shall provide reasonable assistance to Customer in fulfilling Data Subject requests (e.g., access, rectification, deletion, portability).
8.1 Cinematic Apps shall notify Customer without undue delay (and in any event within 24 hours) after becoming aware of a Personal Data Breach.
8.2 The notification shall include the nature of the breach, approximate number of Data Subjects affected, likely consequences, and remediation measures taken.
9.1 Where Cinematic Apps transfers Personal Data from the European Economic Area (EEA) or the United Kingdom to a third country, Cinematic Apps shall ensure appropriate safeguards are implemented, including Standard Contractual Clauses (SCCs) approved by the European Commission, and the UK International Data Transfer Agreement or Addendum.
9.2 Compelled Disclosure & Resisting Access: If Cinematic Apps receives a legally binding request from a law enforcement or regulatory authority to disclose Customer Data, where legally permitted, Cinematic Apps shall inform the Customer prior to disclosure and challenge access where reasonable in accordance with applicable law.
10.1 Customer may conduct an audit ofCinematic Apps’s compliance with this DPA no more than once per calendar year, provided Customer gives 30 days’ written notice, conducts it during normal business hours at Customer’s expense, and executes a confidentiality agreement.
11.1 Binding Retention Control: Upon termination of the Agreement, or upon Customer’s written request at any time, Cinematic Apps shall, at Customer’s choice, delete or return all Personal Data to Customer and delete existing copies unless applicable law explicitly requires storage.
12.1 This DPA shall be governed by the laws of the State of California. The exclusive place of jurisdiction for any disputes arising from this DPA is Los Angeles County, California.
13.1 This DPA, together with the Agreement, constitutes the entire agreement between the parties with respect to the subject matter hereof.
Subject matter of processing: Provision of Line Budgeter services.
Duration of processing: For the term of the Agreement.
Nature and purpose of processing: Account management, service delivery, customer support, and technical maintenance.
Categories of Personal Data: Contact information (name, email, professional title), account credentials, payment rates, union affiliations, and device data (IP address).
Categories of Data Subjects: Customer’s employees, contractors, crew members, and authorized users.
Retention period: Subject to the binding instructions of the Customer (Controller). Data will not be retained longer than necessary to provide the Services or as legally required.
Line Budgeter and Cinematic Apps engages the following categories of Sub-processors:
Cloud hosting providers: For data storage and infrastructure (e.g., AWS / Google Cloud / Azure).
Payment processors: For subscription billing.
Customer support platforms: For providing customer service.
Analytics & Security providers: For service monitoring and threat detection.
Geographic locations: United States.
Access Control: Complex password policies, Multi-Factor Authentication (MFA) for administrative access, and strict role-based access control.
Separation Control: Logical separation of client data within the software architecture and separation of development/production environments.
Encryption: Mandatory encryption of data in transit (TLS/SSL) and data at rest (AES-256).
Resilience: Redundant, enterprise-grade cloud hosting with automated, geographically distributed daily backups and a documented Disaster Recovery Plan.
Contact Information for DPA matters: Email: dpo@cinematicapps.com Mail: Cinematic Apps, Inc., 2140 North Hollywood Way, Suite 6101, Burbank, CA 91510
