Last Updated January 20, 2026
This Data Processing Addendum (“DPA“) forms part of the Paid Memberships Pro Hosting Terms of Service or other applicable agreement (the “Agreement“) between Stranger Studios, LLC. d/b/a Paid Memberships Pro (“PMPro Hosting“, “we“, “us“) and the customer (“Customer“, “you“).
This DPA applies only to Paid Memberships Pro Hosting services and does not apply to use of the Paid Memberships Pro plugin on third-party hosting environments.
In the event of a conflict between this DPA and the Agreement, this DPA controls solely with respect to data protection matters.
Updates to this DPA. We may update this DPA from time to time. If we make material changes, we will provide notice by email to the primary account contact on file or by posting a notice in connection with the Services. Your continued use of the Services more than thirty (30) days after such notice will constitute acceptance of the updated DPA. If you do not agree to the updated DPA, you may terminate the Services in accordance with the Agreement.
1. Scope and Purpose
This DPA applies to the Processing of Personal Data by PMPro Hosting on behalf of Customer solely for the purpose of providing infrastructure hosting and related operational support for Customer’s WordPress website(s) hosted using Paid Memberships Pro Hosting (the “Services“).
PMPro Hosting does not control, configure, or manage Customer’s application-level data, content, user interactions, or data collection practices.
2. Definitions
Capitalized terms not defined in this DPA have the meanings set forth in the Agreement or applicable Data Protection Laws.
- “Personal Data” means any information relating to an identified or identifiable natural person processed in connection with the Services.
- “Processing” means any operation performed on Personal Data as defined under applicable Data Protection Laws.
- “Data Protection Laws” means applicable privacy and data protection laws and regulations, including the GDPR, UK GDPR, and applicable U.S. state privacy laws, to the extent they apply to the Services.
- “Sub-processor” means a third party engaged by PMPro Hosting to process Personal Data solely to provide the Services.
- “Personal Data Breach” means any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data, excluding unsuccessful attempts or activities that do not compromise the security or integrity of Customer Personal Data, including, but not limited to, failed log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
3. Roles of the Parties
- Customer is the Controller of Personal Data.
- PMPro Hosting acts as a Processor, processing Personal Data only on Customer’s documented instructions and solely to provide the Services.
- PMPro Hosting will process Customer Personal Data only on Customer’s documented instructions (including as set out in the Agreement), unless required by applicable law. If PMPro Hosting believes Customer’s instructions violate applicable Data Protection Laws, PMPro Hosting will inform Customer.
- Customer retains full control and responsibility for:
- The WordPress application and database
- Plugins, themes, and configurations
- Data collected from users or members
- Lawful basis for Processing, consent mechanisms, notices, and retention policies
- PMPro Hosting does not sell or share Customer Personal Data and does not retain, use, or disclose Customer Personal Data for any purpose other than providing the Services, except as permitted or required by applicable law.
PMPro Hosting does not determine the purposes or means of Processing Customer Personal Data.
4. Nature and Scope of Processing
PMPro Hosting’s Processing activities are limited to:
- Provisioning and maintaining isolated infrastructure environments
- Operating server-level services required for the Services
- Performing backups, restorations, or migrations at Customer’s request
- Providing infrastructure-level support related to availability and performance
PMPro Hosting does not access, use, or disclose Customer Personal Data for any purpose other than providing the Services.
5. Sub-processors
Customer authorizes PMPro Hosting to engage the following Sub-processor:
- DigitalOcean, LLC – cloud infrastructure and hosting services
DigitalOcean’s Data Processing Addendum is available at:
https://www.digitalocean.com/legal/data-processing-agreement
PMPro Hosting may engage additional Sub-processors as reasonably necessary to provide the Services. PMPro Hosting will make reasonable efforts to notify Customers of material changes to its Sub-processors.
If Customer objects to a new Sub-processor and PMPro Hosting cannot reasonably accommodate the objection, Customer’s sole and exclusive remedy is to terminate the Services in accordance with the Agreement.
6. Data Centers and International Data Transfers
Data center preference. Customer may request a preferred hosting region for the Services, subject to availability. Unless Customer requests otherwise, PMPro Hosting will select the hosting region used to provide the Services.
Customer acknowledges that selecting a hosting region may result in Personal Data being stored and processed in the selected region, and may involve cross-border transfers depending on Customer’s location and chosen region.
Customer acknowledges that Personal Data may be transferred to and processed in countries outside of the European Economic Area, United Kingdom, or Switzerland solely for the purpose of providing the Services.
Where required by applicable Data Protection Laws, such transfers rely on appropriate safeguards, including Standard Contractual Clauses or equivalent transfer mechanisms implemented by PMPro Hosting and its Sub-processors, including DigitalOcean.
7. Security Measures
PMPro Hosting implements reasonable technical and organizational measures appropriate to the nature of the Services and the risks involved, taking into account that:
PMPro Hosting ensures that personnel with access to Customer Personal Data are subject to appropriate confidentiality obligations.
- Each Customer site is hosted in an isolated infrastructure environment
- Customers are provided administrative access (e.g., SSH and/or SFTP)
- Customers control application-level security configurations, plugins, and content
Application-level security controls, certifications, audits, or compliance frameworks beyond infrastructure operations are outside the scope of the Services.
8. Personal Data Breach
If PMPro Hosting becomes aware of a Personal Data Breach affecting Customer Personal Data, PMPro Hosting will notify Customer without undue delay and provide information reasonably available regarding the nature of the incident and any mitigation steps taken.
9. Data Subject Requests
PMPro Hosting does not independently respond to data subject requests.
If PMPro Hosting receives a request relating to Customer Personal Data, it will promptly notify Customer, unless prohibited by law. Customer is solely responsible for responding to all data subject requests.
10. Deletion or Return of Data
Upon termination of the Agreement and at Customer’s request, PMPro Hosting will take reasonable steps to delete or return Customer Personal Data, subject to:
- Backup retention cycles
- Legal, regulatory, or operational requirements
11. Limitation
This DPA does not create obligations beyond those required under applicable Data Protection Laws or beyond the scope of the Services described in the Agreement.
