Effective date: June 7, 2026 · RK Ventures LLC
This DPA governs how W9Ready processes personal data on behalf of its customers. It supplements the Terms of Service.
This Data Processing Agreement ("DPA") is entered into between RK Ventures LLC ("Processor", "W9Ready", "we") and the customer entity that has agreed to the W9Ready Terms of Service ("Controller", "you"). This DPA forms part of and is incorporated into the Terms of Service. In the event of any conflict, this DPA shall prevail with respect to data processing matters.
"Personal Data" means any information relating to an identified or identifiable natural person, including contractor names, addresses, email addresses, and Tax Identification Numbers (TINs). "Processing" means any operation performed on Personal Data. "Sub-processor" means any third party engaged by W9Ready to process Personal Data on behalf of the Controller.
W9Ready processes Personal Data solely for the purpose of providing the W9Ready service as described in the Terms of Service. This includes: collecting and storing IRS Form W-9 information submitted by contractors; encrypting and securing Tax Identification Numbers; performing IRS TIN verification; generating 1099 readiness scores; and enabling data export for tax filing purposes. W9Ready processes Personal Data only on documented instructions from the Controller.
W9Ready processes the following categories of Personal Data on behalf of Controllers: contractor legal names and business names; contractor email addresses and mailing addresses; Tax Identification Numbers (SSNs and EINs), stored encrypted using AES-256-GCM; tax classification information; certificate of insurance data; and contract file metadata.
The Controller is responsible for: ensuring it has a lawful basis for collecting and sharing contractor Personal Data with W9Ready; providing contractors with appropriate notice that their W-9 information will be processed by W9Ready; ensuring the accuracy of Personal Data submitted to the Service; and complying with all applicable laws and regulations regarding the collection and use of Personal Data.
W9Ready agrees to: process Personal Data only on the Controller's instructions and for no other purpose; implement and maintain appropriate technical and organizational security measures to protect Personal Data against unauthorized access, disclosure, alteration, or destruction; ensure that personnel authorized to process Personal Data are bound by confidentiality obligations; notify the Controller without undue delay upon becoming aware of a Personal Data breach; and assist the Controller in fulfilling its obligations to respond to data subject requests.
W9Ready implements the following security measures: AES-256-GCM encryption for all Tax Identification Numbers at rest; TLS encryption for all data in transit; role-based access controls limiting data access to authorized personnel; audit logging of all data access and modification events; regular automated database backups with point-in-time recovery; and infrastructure hosted on SOC 2 Type II certified cloud providers.
W9Ready engages the following sub-processors to provide the Service:
W9Ready retains Personal Data for the duration of the Customer's subscription and for a period thereafter as required by applicable law or as configured by the Controller in the data retention settings. W-9 submissions and associated contractor data are retained for a default period of 4 years. Audit logs are retained for 7 years. Upon termination of the subscription, Controllers may export their data. W9Ready will delete or anonymize Personal Data within 90 days of subscription termination, unless longer retention is required by law.
W9Ready will assist Controllers in responding to requests from data subjects (contractors) exercising their rights under applicable law, including rights of access, correction, deletion, and portability. Controllers are responsible for receiving and evaluating such requests. W9Ready will provide reasonable technical assistance to facilitate compliance.
All Personal Data processed by W9Ready is stored and processed in the United States. W9Ready does not transfer Personal Data outside of the United States without the Controller's prior written consent, except as required by law.
W9Ready will make available to Controllers all information reasonably necessary to demonstrate compliance with this DPA. Controllers may conduct audits or inspections with 30 days written notice, subject to reasonable confidentiality requirements. W9Ready may satisfy audit requests by providing relevant third-party audit reports or certifications.
In the event of a confirmed Personal Data breach affecting Controller data, W9Ready will notify the Controller without undue delay and in any event within 72 hours of becoming aware of the breach. The notification will include: the nature of the breach; categories and approximate number of data subjects affected; likely consequences; and measures taken or proposed to address the breach.
This DPA is governed by the laws of the Commonwealth of Massachusetts. Any disputes arising under this DPA shall be resolved in the courts of Middlesex County, Massachusetts.
For data processing inquiries, contact W9Ready at hello@w9ready.com or RK Ventures LLC, Acton, MA, USA.