Skip to content
GoGo Engine
Acquire customers
How they find you and book.
Run your operation
What happens after they book.
Capture revenue
Money in, deposits handled, tax done.
See your data
Metrics that change tomorrow's decisions.
Reach customers
Email, SMS, and the support inbox.
Platform
Multi-everything. Built to scale with you.
Boats & Marine
Marinas, charters, jet skis, paddle.
Powersports
ATVs, side-by-sides, snowmobiles.
RV & Outdoor
RVs, campers, trailers, gear.
Equipment & Tool
Construction, party, AV, event.
Customer StoriesReal outcomes from operatorsGuides and PlaybooksGet more out of your fleetBlogField notes from operatorsAPI ReferenceBuild with the public APIChangelogWhat shipped this weekRoadmapWhat we are building next
Legal

Data Processing Addendum

Last updated: April 25, 2026

This Data Processing Addendum (“DPA”) supplements the Terms of Service between you (“Customer”) and GoGo Engine, Inc. (“Processor”) and applies to the processing of personal data on behalf of the Customer.

Subject matter

The Processor processes personal data only for the purpose of providing the Services and as instructed by the Customer.

Sub-processors

The Customer authorizes the Processor to engage sub-processors for hosting (Vercel), database (Supabase), payments (Stripe), email (Resend), SMS (Twilio), networking (Cloudflare), and object storage (AWS S3). The list at /legal/subprocessors is the authoritative source.

Standard Contractual Clauses

For transfers from the EU, UK, and Switzerland to the United States, the parties incorporate the EU SCCs (Module 2: Controller-to-Processor) and the UK International Data Transfer Addendum.

Security measures

The Processor maintains the technical and organizational measures described at /security, including encryption, tenant isolation, access controls, audit logging, vulnerability management, and incident response.

Audit rights

The Customer may request an attestation report (SOC 2) once available, and may request additional reasonable audits at the Customer’s cost on no fewer than 30 days’ notice.

Notification of breach

The Processor will notify the Customer without undue delay (and within 72 hours where required) upon becoming aware of a personal data breach, with information sufficient to enable the Customer to comply with its obligations.

Return / deletion

On termination, the Processor will return or delete personal data on Customer instruction within 35 days, save where retention is required by law.

Questions? Contact us. For security, see /security or/.well-known/security.txt.