AscendAscendBeta
  • Ascend AI
  • AI for Discord
Play
  • Matchmaking
  • Scrims
  • Tournaments
  • LFT/LFP
Discover
  • Scouting
  • Tracker
  • Crosshairs
  • Creatives
Store
  • Rewards
  • Shop
  • Marketplace
Ascend

Loading...

Legal · Data Processing

Data Processing Addendum

This Addendum governs how Play Ascend, Inc. processes personal data on behalf of merchants who connect their store to Ascend (for example, via the Shopify connector). It forms part of our agreement with you and sets out our obligations as a processor — security, sub-processors, data subject rights, breach notification, and international transfers. By installing or using a connector, you accept this Addendum. Questions or to sign a counterpart, email privacy@play-ascend.com.

Effective
June 19, 2026
Updated
June 19, 2026

01Overview and parties

This Data Processing Addendum ("DPA") governs how Play Ascend, Inc. ("Ascend", "we", "us") processes personal data on behalf of a merchant ("you", "Merchant", "Controller") when you install and use the Ascend rewards connector for Shopify (the "Connector").

Play Ascend, Inc. is a Delaware corporation located at 131 Continental Dr, Suite 305, Newark, Delaware 19713, USA. Our website is play-ascend.com.

This DPA forms part of, and is incorporated into, the agreement between you and Ascend that governs your use of the Connector (the "Agreement"). It sets out the terms that apply whenever Ascend processes personal data about your store's customers on your instructions.

To keep the roles straight:

  • For your store's customer and order data that flows through the Connector, you are the controller (or "business" under U.S. state law) and Ascend is the processor (or "service provider"). That data is the subject of this DPA.
  • For Ascend's own users' data — the account, wallet, and rewards activity of an Ascend member — Ascend is the controller in its own right. That processing is governed by the Ascend Privacy Policy, not this DPA.

If there is any conflict between this DPA and the rest of the Agreement on the subject of data protection, this DPA prevails.

02Definitions

Capitalised terms not defined here have the meaning given in the Agreement or in applicable Data Protection Law.

  • Data Protection Law — every law that applies to the processing of personal data under this DPA, including the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"); the UK GDPR and the Data Protection Act 2018 ("UK GDPR"); the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"); and other U.S. state privacy laws (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana and the like).
  • Controller, processor, data subject, personal data, processing, personal data breach and supervisory authority have the meanings given in the GDPR. Under U.S. state law, business, service provider, consumer, sell, share and sensitive personal information have the meanings given in the CCPA/CPRA; "controller" should be read as "business" and "processor" as "service provider" where those laws apply.
  • Merchant Personal Data — personal data within your store's customer and order records that Ascend processes on your behalf through the Connector.
  • Sub-processor — a third party engaged by Ascend to process Merchant Personal Data on Ascend's behalf.
  • Standard Contractual Clauses ("SCCs") — the clauses approved by the European Commission in Decision (EU) 2021/914 for transfers of personal data to third countries.
  • UK Addendum — the International Data Transfer Addendum to the SCCs issued by the UK Information Commissioner under section 119A of the Data Protection Act 2018.

03Subject-matter, nature and purpose

What the Connector does

The Connector lets an Ascend member redeem a reward that is fulfilled from your Shopify store. When a member redeems an eligible reward, Ascend creates and tracks a fulfilment order in your store so you can ship the physical or digital item to the member. The processing exists for one purpose only: to create and track reward-fulfilment orders in your store.

Nature and purpose of processing

Ascend processes Merchant Personal Data to:

  • create an order in your Shopify store for the redeemed reward;
  • pass the member's fulfilment details (name, shipping address, phone) so you can ship the item; and
  • read back the order's status so the member can see where their reward is.

Ascend does not use Merchant Personal Data for marketing, profiling, advertising, analytics, model training, or any purpose other than fulfilling and tracking the reward order on your instructions.

Duration

Ascend processes Merchant Personal Data for as long as the Connector is installed and active on your store, plus the limited wind-down period described in Deletion and return of data below. Either party may end the processing by uninstalling or disabling the Connector.

04Data subjects and categories of data

Categories of data subjects

  • Your store's customers, and Ascend members who redeem a reward that is fulfilled from your store (these are typically the same people — an Ascend member placing a reward order in your store).

Categories of personal data

The Connector is built around data minimisation. It processes only the fields needed to fulfil and track a reward order:

Category Fields Why it's needed
Name First and last name of the recipient To address and ship the order
Shipping address Postal address for delivery To ship the physical reward
Phone Contact phone number Carrier delivery / customs where required
Order / fulfilment status Order ID, line items, fulfilment and shipping status To create the order and let the member track it

The Connector does not send the member's email address into your store, and it does not process special categories of data (Article 9 GDPR), government identifiers, payment-card data, or precise geolocation. Payments and card data are never handled by the Connector.

05Processor obligations

Ascend will:

Process only on documented instructions

Process Merchant Personal Data only on your documented instructions — including this DPA, the Agreement, and your configuration of the Connector — and only to provide and support the Connector. If a law to which Ascend is subject requires processing beyond your instructions, Ascend will tell you before doing so unless that law forbids it. If Ascend believes an instruction infringes Data Protection Law, it will inform you.

Keep personnel under confidentiality

Ensure that anyone authorised to process Merchant Personal Data is bound by an appropriate duty of confidentiality and processes the data only as needed to perform their role.

Apply appropriate security measures

Implement and maintain the technical and organisational measures described in Ascend's Security & Data Protection statement, which is incorporated into this DPA by reference. Those measures meet the requirements of Article 32 GDPR and are designed to protect Merchant Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Ascend may update the measures over time provided the level of protection does not materially decrease.

Assist you

Taking into account the nature of the processing, Ascend will assist you, by appropriate technical and organisational measures and insofar as possible, to:

  • respond to data-subject requests (access, deletion, correction, portability, objection, and the equivalent U.S. state consumer rights);
  • meet your obligations to keep Merchant Personal Data secure, to notify personal data breaches, and to carry out data protection impact assessments and any prior consultation with a supervisory authority.

The Connector honours Shopify's mandatory compliance webhooks — customers/data_request, customers/redact, and shop/redact — which is how most data-subject access and deletion requests are fulfilled in practice.

Notify you of personal data breaches

Notify you without undue delay after becoming aware of a personal data breach affecting Merchant Personal Data, with the information you reasonably need to meet your own notification obligations, and cooperate with you to investigate and remediate it.

Delete or return data on termination

Delete or return Merchant Personal Data as described in Deletion and return of data below.

Make information available

Make available to you the information reasonably necessary to demonstrate compliance with this DPA, as described in Audits and information below.

06Sub-processors

General authorisation

You give Ascend general authorisation to engage the Sub-processors listed below to process Merchant Personal Data, and to engage further Sub-processors subject to the change-notice and flow-down terms in this section.

Current Sub-processors

Sub-processor Purpose Location
Supabase Database (Postgres) + authentication AWS ap-south-1 (Mumbai)
Amazon Web Services (AWS) Hosting / compute / infrastructure (Amplify web hosting; ECS Fargate services; Secrets Manager) AWS ap-south-1
Stripe Payments + subscription billing United States
Resend Transactional email United States
Discord / Google OAuth sign-in United States
Shopify The Connector — merchant store data Per the merchant's Shopify region

Flow-down terms

Before a Sub-processor processes Merchant Personal Data, Ascend will impose data-protection obligations on it that are no less protective than those in this DPA, including appropriate security obligations. Ascend remains fully liable to you for each Sub-processor's performance of its obligations.

Notice of changes

If Ascend intends to add or replace a Sub-processor, it will give you reasonable prior notice (for example, by updating the table above and announcing the change). If you have a reasonable, data-protection-based objection to a new Sub-processor, tell us — we'll work in good faith to address it, and if we can't, you may suspend or terminate use of the affected part of the Connector.

07International transfers

Ascend is based in the United States and its primary database and hosting run on AWS in the ap-south-1 (Mumbai) region, so Merchant Personal Data may be processed outside the country where you or your customers are located.

Where Ascend processes Merchant Personal Data that is subject to the GDPR or UK GDPR and transfers it to a country without an adequacy decision:

  • the EU Standard Contractual Clauses (Decision (EU) 2021/914), Module 2 (controller-to-processor) or Module 3 (processor-to-processor) as applicable, are incorporated into this DPA and apply to that transfer; and
  • for transfers subject to UK GDPR, the UK International Data Transfer Addendum to the SCCs applies; for transfers subject to Swiss law, the SCCs apply with the adaptations the Swiss Federal Data Protection and Information Commissioner requires.

Where the SCCs apply, you are the data exporter and Ascend is the data importer; the optional docking clause applies; the governing law and forum are those of the SCCs; and the categories of data, data subjects, and security measures set out in this DPA and the Security statement populate the SCC annexes. Ascend will carry out and assist with transfer impact assessments where Data Protection Law requires them.

08Audits and information

Ascend will make available to you the information reasonably necessary to demonstrate compliance with this DPA, and will allow for and contribute to audits — including inspections — conducted by you or an auditor you mandate, subject to:

  • reasonable prior written notice (at least 30 days, except where Data Protection Law or a supervisory authority requires sooner);
  • audits being limited to once in any 12-month period, unless a personal data breach or a supervisory authority's instruction makes another necessary;
  • the auditor agreeing to reasonable confidentiality obligations and not unreasonably disrupting Ascend's operations or those of its other customers; and
  • Ascend being able to satisfy reasonable requests, where appropriate, with up-to-date documentation describing its security measures rather than an on-site inspection.

You bear your own audit costs; Ascend bears the cost of remedying any non-compliance an audit identifies.

09U.S. state privacy terms

This section applies where the CCPA/CPRA or another U.S. state privacy law governs Merchant Personal Data. With respect to that data, Ascend acts as a service provider (or "processor"/"contractor" as those laws define it) and certifies that it will:

  • process Merchant Personal Data only to perform the Connector's business purpose described in this DPA and the Agreement, and on your behalf;
  • not sell and not share Merchant Personal Data (as "sell" and "share" are defined under the CCPA/CPRA);
  • not retain, use, or disclose Merchant Personal Data for any purpose other than the business purposes specified, including outside the direct business relationship with you, except as permitted by law;
  • not combine Merchant Personal Data with personal data it receives from, or on behalf of, anyone else, or collects from its own interaction with the consumer, except as the CCPA/CPRA permits;
  • comply with its obligations under applicable U.S. state privacy law and provide the same level of privacy protection as that law requires; and
  • notify you if it determines it can no longer meet these obligations, in which case you may take reasonable steps to stop and remediate the unauthorised use.

You may take reasonable and appropriate steps to ensure Ascend uses Merchant Personal Data consistently with your obligations under U.S. state privacy law, and to stop and remediate any unauthorised use. Ascend will enable you to comply with consumer requests it must facilitate as a service provider.

10Liability and precedence

Each party's liability arising out of or related to this DPA is subject to the limitations and exclusions of liability set out in the Agreement, and any reference in the Agreement to a party's liability means aggregate liability under the Agreement and this DPA together.

In the event of a conflict among these documents, the order of precedence is: (1) the Standard Contractual Clauses and UK Addendum, to the extent they apply to a restricted transfer; (2) this DPA; (3) the rest of the Agreement. Nothing in this DPA or the Agreement limits any right a data subject has under Data Protection Law.

11Governing law

This DPA is governed by the laws of the State of Delaware and the United States, without prejudice to: (a) any mandatory provision of Data Protection Law in the EEA, UK, or your jurisdiction that applies regardless of choice of law; and (b) the governing-law and jurisdiction terms of the Standard Contractual Clauses or UK Addendum, which prevail for any restricted transfer they cover.

12Deletion and return of data

On termination of the processing — when you uninstall or disable the Connector, or when the Agreement ends — Ascend will, at your choice, delete or return Merchant Personal Data and delete existing copies, unless Data Protection Law requires it to be retained. Ascend honours Shopify's shop/redact webhook, which Shopify sends after a store uninstalls the app, to redact Merchant Personal Data held for that store. Any residual copies in routine encrypted backups are purged on the normal backup cycle (within 30 days). Where Ascend must retain data to comply with a legal obligation, it will keep it only for as long as the law requires and only for that purpose.

13How to execute or accept

By installing and using the Connector, you accept this DPA on behalf of yourself and, where you act for an organisation, that organisation, and you confirm you have authority to do so. This DPA takes effect on the earlier of your installation of the Connector or your acceptance of the Agreement, and it remains in force for as long as Ascend processes Merchant Personal Data on your behalf.

If your compliance programme requires a separately signed counterpart of this DPA (for example, with the SCCs executed as a standalone document), email privacy@play-ascend.com and we'll arrange one. A signed counterpart and this online DPA have the same effect; if both exist, the signed counterpart prevails for the parties that signed it.

14Contact

For questions about this DPA, to request a signed counterpart, or for any data-protection matter relating to the Connector, email privacy@play-ascend.com or write to Play Ascend, Inc., 131 Continental Dr, Suite 305, Newark, Delaware 19713, USA.

On this page
  • Overview and parties
  • Definitions
  • Subject-matter, nature and purpose
  • Data subjects and categories of data
  • Processor obligations
  • Sub-processors
  • International transfers
  • Audits and information
  • U.S. state privacy terms
  • Liability and precedence
  • Governing law
  • Deletion and return of data
  • How to execute or accept
  • Contact
Ascend

Ascend is an esports gaming platform — tracker, shop, matchmaking, rewards, and Ascend AI for Discord communities.

Product
  • Tracker
  • Shop
  • Shop Affiliates
  • Players
  • Esports
  • Crosshairs
  • Marketplace
Community
  • Matchmaking
  • LFT/LFP
  • Scrims
  • Rewards
  • How rewards work
  • Rewards Partners
  • Become a Partner
  • Discord
Ascend AI
  • Overview
  • Docs
  • Pricing
  • Install
Company
  • Blog
  • Contact
  • Privacy
  • Terms
  • DPA
  • Security
© 2026 Ascend. All rights reserved.
TermsPrivacyContact