BrokerReady — Brokerage Training & Compliance

1. Parties

This Data Processing Agreement ("DPA") is entered into between the subscribing brokerage ("Controller") and S-DUB Media LLC, operating BrokerReady ("Processor").

2. Scope

This DPA applies to all personal data processed by BrokerReady on behalf of the Controller, including agent names, contact information, license data, E&O insurance details, NAR membership information, compliance documents, training progress, and certificates.

3. Processing Purpose

BrokerReady processes personal data solely for the purpose of:

Providing training content delivery and progress tracking
Monitoring compliance status (license, E&O, NAR expirations)
Sending automated reminders and notifications
Generating completion certificates
Providing compliance dashboards and reporting
Processing subscription billing

4. Controller Obligations

Ensure lawful basis for processing agent personal data
Provide agents with appropriate privacy notices
Respond to data subject access requests within required timeframes
Notify Processor of any restrictions on data processing

5. Processor Obligations

Process personal data only on documented instructions from the Controller
Ensure personnel are bound by confidentiality obligations
Implement appropriate technical and organizational security measures
Assist Controller in responding to data subject requests
Delete or return all personal data upon termination of the agreement
Make available all information necessary to demonstrate compliance

6. Sub-Processors

BrokerReady uses the following sub-processors:

Provider	Purpose	Location
Supabase	Database & authentication	US (AWS US-East-2)
Vercel	Application hosting	US (Edge network)
Resend	Email delivery	US
Stripe	Payment processing	US
Vimeo	Video hosting	US

7. Data Breach Notification

Processor will notify Controller without undue delay (and no later than 72 hours) after becoming aware of a personal data breach. Notification will include the nature of the breach, categories of data affected, approximate number of individuals, and measures taken to address the breach.

8. Data Retention and Deletion

Upon termination of the service agreement, Processor will delete all personal data within 90 days unless retention is required by law. Audit logs are retained for 7 years for compliance purposes. Certificates and public verification pages are retained permanently.

9. Governing Law

This DPA is governed by the laws of the State of Tennessee and the Tennessee Information Protection Act (TIPA).

10. Contact

For DPA requests or questions: legal@brokerready.net

NOTICE: This is a template DPA. A signed copy specific to your brokerage will be provided as part of the onboarding process. Review by qualified legal counsel is recommended.