Welcome to Infinite Reality

With just one click of a button, you can bring your vision to life.

iR Studio

|
OverviewPricingProduct DemosSupportGet Started

iR Studio

Get Started
TOS

“How-To” Videos

iR Studio

Data Processing Agreement (Controller)

Last updated and effective: March 20, 2025

This iR Studio Data Processing Agreement (Controller) (the “DPA”) is between you and Infinite Reality, Inc. (“Infinite Reality”), each a “Party” and collectively the “Parties.” All capitalized terms used but not defined herein will have the meanings ascribed to them in the Terms of Service (“Terms”). In the event of a conflict between the terms of this DPA and the Terms, the terms of this DPA shall prevail. This DPA is applicable to the extent that the Parties are each a Controller with respect to Personal Data Processed by or shared between the Parties, in each case, in connection with the Services.

1. Definitions. Unless otherwise defined herein, the capitalized terms used in this DPA shall have the following meaning:

1.1 “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

1.2 “Data Protection Laws” means all applicable laws or regulations throughout the world relating to data protection and privacy and which apply to the Processing of Personal Data in connection with the Services, including without limitation the EU General Data Protection Regulation 2016/679 (“GDPR”) and the Swiss Federal Data Protection Act and its Ordinances, in each case, as may be amended, superseded or replaced.

1.3 “Data Subject” means an identified or identifiable natural person to whom the applicable Personal Data relates.

1.4 “Data Subject Request” means any request from a Data Subject to exercise its rights under applicable Data Protection Laws or Infinite Reality’s or your, as applicable, privacy policies or terms of service.

1.5 “De-Identified Data” means data that cannot be used to identify a specific Data Subject through any reasonable means.

1.6 “Personal Data” means any information relating to an identified or identifiable natural person where such information is protected similarly as personal data, personal information, or personally identifiable information under Data Protection Laws. “Personal Data” does not include De-Identified Data.

1.7 “Processing” means any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data. The terms “Process,” “Processes,” and “Processed” will be construed accordingly.

1.8 “Processor” means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller.

1.9 “Security Incident” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed by you or Infinite Reality, as applicable, in connection with the Services.

1.10 “Services” means the products and services that Infinite Reality has agreed to provide pursuant to the Terms that involve the Processing of Personal Data.

1.11 “Transfer” means the access by, transfer or delivery to, or disclosure to a person, entity or system of Personal Data where such person, entity or system is located in a country or jurisdiction other than the country or jurisdiction from which the Personal Data originated.

2. Independent Controllers. In performing their respective obligations under the Terms, each Party may receive Personal Data which may be subject to Data Protection Laws. The Parties acknowledge and agree that each Party is a separate and independent Controller with respect to such Personal Data and shall individually determine the purposes and means of its Processing of such Personal Data, including giving lawful instructions to any Processors. The Parties further acknowledge that neither Party is responsible for determining the requirements of Data Protection Laws applicable to the other Party.

3. Obligations of the Parties.

3.1 To the extent applicable, each Party agrees that it has obtained, or taken commercially reasonable steps to cause to be obtained, valid consent from Data Subjects as required by Data Protection Laws for the Processing purpose(s) for such Personal Data, and such Party, as between the Parties, remains solely responsible for obtaining such valid consent and communicating all relevant withdraws or revocations of consent to the other Party. Each Party shall notify the other Party (the “Data Receiving Party”) of any changes in, or revocation of, the permission to use, disclose or otherwise Process Personal Data that it provides to the Receiving Party in connection with the Services that would impact the Receiving Party’s ability to comply with the Terms, this DPA or applicable Data Protection Laws.

3.2 Each Party (the “Request Receiving Party”) shall notify the other Party of any Data Subject Request it has received from a Data Subject that may relate (in whole or in part), in the Receiving Party’s sole discretion, to the Processing activities of the other Party under the Terms. The Request Receiving Party shall be responsible for responding to any Data Subject Request to the extent the Data Subject Request relates to the Request Receiving Party’s Processing activities. To the extent a Data Subject Request does not relate to the Processing activities of the Request Receiving Party, the other Party authorizes the Request Receiving Party to respond to any Data Subject who makes such request to the Request Receiving Party to confirm that it has forwarded the request to the other Party and/or to advise the Data Subject to submit their request to the other Party. To the extent either Party (the “Requesting Party”) is not able to independently address any Data Subject Request, the other Party shall provide, upon written request at the Requesting Party’s expense, commercially reasonable assistance to the Requesting Party as is necessary to allow the Requesting Party to respond to the Data Subject Request.

4. Cooperation. Upon prior reasonable written request, each Party agrees to cooperate and provide the requesting Party with information demonstrating its compliance with Data Protection Law obligations relating to the Services.

5. Data Security.

5.1 The Parties shall implement and maintain appropriate technical and organizational measures to ensure a level of security of the Processing of Personal Data in connection with the Services appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purpose of Processing.

5.2 The Parties shall ensure that persons who have authorized access to Personal Data on their behalf are subject to appropriate confidentiality obligations (whether a contractual or statutory duty).  

5.3 Each Party shall use commercially reasonable efforts to notify the other Party, without undue delay (not to exceed 48 hours after becoming aware), of a Security Incident that relates to Personal Data Processed under the Terms. At a Party’s request and expense, the other Party shall provide the requesting Party with reasonable assistance as necessary to enable the requesting Party to comply with applicable Data Protection Laws, including notifying competent authorities and/or affected Data Subjects about relevant Security Incidents, if the requesting Party is required to provide such notice under applicable Data Protection Laws. Either Party’s obligation to report or respond to a Security Incident under this Section 5 is not and will not be construed as an acknowledgement by such Party of any fault or liability with respect to the Security Incident.

6. Data Transfers. The Parties acknowledge and agree that each Party is authorized to Transfer Personal Data Processed in connection with the Services in accordance with Data Protection Laws. Each Party shall ensure that any Transfer it initiates will, where applicable, be subject to a lawful data transfer mechanism and/or appropriate onward transfer agreements that require that any further Transfers be conducted under a lawful data transfer mechanism.

7. General Terms.

7.1 Termination. Unless terminated earlier pursuant to the terms herein, this DPA will continue in force until the termination of the Terms.

7.2 Entire Agreement; Severability. This DPA constitutes the entire agreement between the Parties concerning the subject matter hereof and supersedes any and all oral or written agreements or understandings between the Parties, as to the subject matter of this DPA. In the event of a conflict between this DPA and the Terms, this DPA will govern and control with respect to the subject matter of this DPA. If any term of this DPA is deemed invalid or unenforceable, such term shall be deemed reformed or deleted, as the case may be, but only to the extent necessary to comply with the applicable law, rule or regulation, and the remaining provisions of this DPA shall remain in full force and effect.

7.3 Waiver. The waiver of a breach of any provision of this DPA will not operate or be interpreted as a waiver of any other or subsequent breach.

7.4 Amendment. Notwithstanding anything to the contrary herein, Infinite Reality reserves the right to amend or modify this DPA, in its sole discretion, by posting a revised version, which shall become effective and binding the next business day after it is posted.

7.5 Liability. This DPA does not provide any basis for either Party or any other person to recover damages of any type other than those set forth in the Terms and subject to all limitations set forth therein.

7.6 Governing Law. This DPA is governed by the law stipulated in the Terms, except to the extent required by applicable Data Protection Laws, in which case the jurisdiction set forth in the applicable Data Protection Law applies.

7.7 Notices. All notices and communications given under this DPA (a) to Infinite Reality shall be provided in accordance with the notice requirements set forth in the Terms and (b) to you shall be provided by email sent to the address related to your use of the Services under the Terms.

7.8 Authorization. You represent that you are authorized to agree to and enter into this DPA for and on behalf of yourself, and as applicable, your affiliates.

Sign up for Updates

Send me updates including industry white papers, news and product info.

Thank you! We’ll be in touch soon.
Oops! Something went wrong while submitting the form.

iR Brands

iR Studio
iR Enterprise
Obsess
Thunder Studios
DRL
TalentX

Resources

Retail Report
Case Studies
Blogs
iR Engine
iR Studio Documentation
iR Studio FAQ

Enterprise Offerings

Digital Twins
AI Assistants
Virtual Skybox
Virtual Lounges
3D Product Visualization
Virtual Showrooms

Company

Careers
About
News
Investors
Contact Us

About Infinite Reality

Infinite Reality (iR)™ powers the future of digital experiences through spatial computing and AI. Our innovative software, production, and marketing solutions help brands and creators build immersive experiences that drive engagement, data ownership, and brand value. About iR
Privacy  Policy
Terms of Service
CCPA Notice
Copyright © 2025 Infinite Reality, Inc. All rights reserved.