0. This is a template — not a signed agreement
This page publishes the standard DPA template Go Live Command offers to customers. It is informational and does not, by itself, create a contract. To establish a signed DPA for your organization, contact privacy@golivecommand.com — we will counter-sign and return an executed copy.
Customers should have their own legal counsel review this template before signing. Go Live Command does not provide legal advice.
1. Roles and definitions
When the Customer (the “Controller”) uses Go Live Command (the “Processor”) to process operational launch and support data that includes personal data of EU/EEA, UK, Swiss, or California data subjects, this DPA applies in addition to the Terms of Agreement and Privacy Policy.
“Personal data” has the meaning given in applicable law (GDPR, UK GDPR, CCPA/CPRA as amended). “Operational data” means the no-PHI launch/support context Go Live Command is designed to handle — role, unit, project, request category, urgency, callback point, audit events. Customer may not submit special-category data, payment data, passwords, badge secrets, or PHI/clinical data.
2. Subject matter and duration of processing
Go Live Command processes operational data on behalf of the Customer for the duration of the Customer's subscription, plus a finite retention window for audit logs and legal-hold purposes as configured in the Customer's account.
On termination, operational data is deleted or anonymized within the configured retention window. Audit logs may be retained where legally required.
3. Nature, purpose, and types of data
Purpose: route, resolve, audit, and report operational launch and support requests; coordinate work across Industry Operations Boards, Group Chat, the Workforce Lifecycle Suite, and the Training Center; provide notifications and integrations; administer accounts and entitlements.
Types of personal data: name, work email, work role, work organization, work location, device identifier, IP address, session metadata, audit timestamps, operational metadata, role and project assignments, training records, recognition records, and credential metadata (type, issuer, deduplicated credential number — supplied by the user). Go Live Command does not process special categories of personal data within the meaning of GDPR Article 9, payment card numbers, biometric data, or PHI.
Categories of data subjects: Customer's employees and contractors who use the Workforce Lifecycle Suite, organizational and project administrators, referral and approved-vendor partners, and other authorized partners who use or are referenced in the platform.
4. Sub-processors
The current sub-processor list is available to authenticated Customers under NDA via privacy@golivecommand.com and is mirrored in the Customer's admin dashboard. Sub-processors include the cloud, database, email, SMS, push, telemetry, and storage providers the Customer chooses to enable for their account.
Go Live Command will provide at least 30 days' notice before engaging a new sub-processor in a way that materially expands the scope of data processed, regardless of which product surface that sub-processor supports. Customer may object on reasonable data-protection grounds.
5. International transfers
Where personal data is transferred outside the EEA, UK, or Switzerland, the parties rely on the EU Standard Contractual Clauses (Module Two: Controller-to-Processor) as supplemented by the UK Addendum where applicable. Additional safeguards (encryption in transit and at rest, audit logging, role-based access, MFA) are described in the Security & Compliance page.
6. Security measures
Go Live Command implements the technical and organizational measures described in the Security & Compliance page, including: encrypted transport (TLS 1.2+), encrypted-at-rest secrets, role-based access control, MFA for administrators, signed sessions, CSRF protection, security headers, audit logging, production readiness gates, no-PHI guardrails, and incident response procedures.
Customers are responsible for configuring SSO, MFA, least-privilege roles, project offboarding, and approved integrations on their side.
7. Personal-data breach notification
Go Live Command will notify the Customer without undue delay — and in any event within 72 hours of becoming aware — of any personal-data breach affecting the Customer's data, with sufficient information for the Customer to meet their notification obligations.
8. Data-subject rights and assistance
Go Live Command provides administrative tooling so the Customer can fulfill data-subject rights (access, correction, deletion, portability, restriction, objection). For requests requiring Processor assistance, the Customer should contact privacy@golivecommand.com.
9. Audit rights
On reasonable notice and during business hours, Customer may audit Go Live Command's processing activities, or appoint a mutually-acceptable third-party auditor to do so, subject to confidentiality obligations. Standard SOC-style reports or equivalent attestations satisfy the audit obligation in most cases.
10. Conflicts and governing terms
Where this DPA conflicts with the Terms of Agreement, the DPA controls for matters of personal-data protection. Where this DPA conflicts with a Customer-specific Master Services Agreement, the Customer-specific MSA controls.
11. Contact and execution
To execute this DPA, send a signed copy to privacy@golivecommand.com. We will counter-sign and return an executed PDF and store it with the Customer's account record.