Potluck Data Processing Addendum

Effective Date: March 2026

This Data Processing Addendum (“DPA”) forms part of the Terms of Use between Potluck, Inc. (“Potluck”) and users or organizations using the Potluck platform.

Potluck, Inc.

Nashville, TN 37216

United States

Scope

This DPA applies when Potluck processes personal data on behalf of users or organizations using the Potluck platform.

Roles of the Parties

For purposes of applicable data protection laws, including the GDPR:

• The user or organization using Potluck is the Data Controller.

• Potluck acts as the Data Processor.

Categories of Data

Potluck may process the following categories of personal data:

• User names

• Email addresses

• Event participation information

• Uploaded photographs

• Technical usage data

• Payment transaction references

Purpose of Processing

Personal data is processed solely to:

• Provide the Potluck platform

• Facilitate event organization

• Enable user communications

• Provide analytics and platform improvements

• Maintain system security

Security Measures

Potluck implements reasonable administrative, technical, and organizational safeguards, including:

• Secure cloud hosting infrastructure

• Access controls and authentication protections

• Encryption of data in transit

• Monitoring for unauthorized access

Subprocessors

Potluck may use trusted subprocessors to operate the platform, including:

• Stripe (payment processing)

• PostHog (analytics)

• Cloud infrastructure providers

• Email service providers

Subprocessors are required to maintain appropriate data protection safeguards.

International Transfers

Where personal data is transferred internationally, Potluck will ensure appropriate safeguards are implemented consistent with applicable data protection laws.

Data Subject Rights

Potluck assists controllers in responding to requests from individuals exercising rights such as:

• Access

• Correction

• Deletion

• Data portability

Requests may be submitted to support@potluck.us.

Data Retention

Personal data is retained only as long as necessary to provide the services or comply with legal obligations.

Deletion requests are typically processed within 24 hours unless retention is required by law.

Data Breach Notification

In the event of a confirmed data breach affecting personal data, Potluck will notify affected parties without undue delay as required by law.

Termination

Upon termination of services, personal data may be deleted or returned upon request unless legal obligations require retention.

Governing Law

This DPA is governed by the laws of the State of Tennessee, United States.

Contact

Potluck, Inc.

Nashville, TN 37216

support@potluck.us