Data Processing Addendum

to the Master Services Agreement

Last Updated: March 2026

This Data Processing Addendum (“DPA”) is published by Atrios, Inc., a Delaware corporation (“Atrios”), and is incorporated by reference into the Master Services Agreement (the “Agreement”) between Atrios and each entity that executes an Order Form referencing the Agreement (“Client”). No separate execution of this DPA is required; it is deemed accepted by Client upon execution of an Order Form. In the event of a conflict between this DPA and the Agreement with respect to data processing matters, this DPA controls.

1. Definitions

Capitalized terms not defined herein have the meanings assigned in the Agreement.

Term | Definition
“Applicable Data Protection Law” | All laws and regulations applicable to the processing of Personal Data, including (as applicable) the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), the EU General Data Protection Regulation (GDPR) and its UK equivalent (UK GDPR), and any other privacy or data protection law applicable to a party.
“Controller” | The party that determines the purposes and means of processing Personal Data.
“Data Subject” | An identified or identifiable natural person to whom Personal Data relates, including prospective customers, meeting participants, and business contacts.
“Personal Data” | Any information relating to a Data Subject that Atrios processes on behalf of Client in connection with the Services, as further described in Annex A.
“Processing” | Any operation performed on Personal Data, including collection, storage, use, disclosure, combination, deletion, or destruction.
“Processor” | A party that processes Personal Data on behalf of a Controller.
“Security Incident” | Any confirmed unauthorized access, use, disclosure, alteration, or destruction of Personal Data.
“Services” | Has the meaning given in the Agreement, including operation of the Atrios Platform to facilitate business introductions, qualified meetings, and structured outcome feedback under the “Buy or Why” model.
“Sub-processor” | A third-party processor engaged by Atrios to process Personal Data in connection with the Services.

2. Roles of the Parties

2.1 Independent Controllers

Each party is an independent Controller with respect to Personal Data it receives from Data Subjects directly or through its own operations. Each party is solely responsible for its own compliance with Applicable Data Protection Law in its capacity as a Controller.

2.2 Atrios as Processor

To the extent Atrios processes Personal Data provided by Client in order to perform the Services, Atrios acts as a Processor with respect to such data and Client acts as the Controller. Client-provided data is limited to account-level information: account name, domain, website URL, and account status designation (i.e., the field within Client’s CRM that categorizes an account as a customer, prospect, or lead). Atrios does not receive or process individual contact information such as personal email addresses or phone numbers from Client. Atrios will process such Personal Data only in accordance with Client’s instructions as set forth in this DPA and the applicable Order Form, which together constitute Client’s complete and exclusive processing instructions. Atrios shall promptly inform Client if, in Atrios’s reasonable opinion, an instruction violates Applicable Data Protection Law.

2.3 Tastemakers

Tastemakers who participate in the Atrios Platform are independent third parties and are not employees or sub-processors of Atrios. Tastemakers do not have access to Client’s account list or any Client-provided data. They are shown only the existence of a specific match when there is a direct overlap between a person in their own social graph and an account that satisfies Client’s title and company targeting criteria as set forth in the applicable Order Form. The information disclosed to a Tastemaker in connection with a match is limited to: account name, company, and the title or role of the target contact. No individual contact information sourced from Client is disclosed to Tastemakers.

3. Processing Instructions

The Order Form and this DPA together constitute Client’s complete and exclusive processing instructions to Atrios. Atrios will process Client-provided Personal Data only:

  • As necessary to perform the Services, including prospect matching, disclosure of limited match information to Tastemakers as described in Section 2.3, scheduling of qualified meetings, recording of meeting outcomes, and delivery of structured feedback pursuant to the “Buy or Why” model;
  • As set forth in this DPA and the applicable Order Form; or
  • As required by Applicable Data Protection Law.

Client warrants that it has a lawful basis for sharing Personal Data with Atrios and that such data has been lawfully obtained. Atrios may suspend processing and shall notify Client if Atrios believes it has received an instruction that violates Applicable Data Protection Law.

4. Details of Processing

The subject matter, nature, purpose, and categories of Personal Data processed under this DPA are described in Annex A. Annex A may be updated by Atrios to reflect changes in the Services upon notice to Client.

5. Client Obligations

Client shall:

  • Comply with all Applicable Data Protection Law in its role as Controller, including providing required notices to Data Subjects and obtaining any necessary consents;
  • Ensure it has a lawful basis for each category of Personal Data shared with Atrios;
  • Ensure that any account data submitted to Atrios is accurate and has been lawfully obtained, as represented in Section 5 of the Agreement;
  • Promptly notify Atrios in writing of any changes that may affect Atrios’s processing obligations under the Order Form or this DPA; and
  • Not instruct Atrios to process Special Categories of Personal Data (as defined under GDPR Article 9) without a separate written agreement.

6. Security

6.1 Measures

Atrios shall implement and maintain technical and organizational measures appropriate to the risk to the security, confidentiality, integrity, and availability of Personal Data, including as described in Annex B. Atrios is currently undergoing a SOC 2 Type 2 audit, using Vanta as its compliance automation platform. Upon completion, Atrios will make its SOC 2 Type 2 report available to Client upon written request subject to a confidentiality agreement.

6.2 Personnel

Atrios shall ensure that its personnel authorized to process Personal Data are subject to appropriate confidentiality obligations and receive relevant data protection training.

6.3 Assessment

Atrios shall periodically review and, where necessary, update its security measures to reflect changes in the threat landscape or the nature of processing.

7. Security Incidents

7.1 Notification

Atrios shall notify Client without undue delay, and in any event within seventy-two (72) hours of becoming aware of a confirmed Security Incident affecting Client-provided Personal Data. Notification shall include: (a) a description of the nature of the Security Incident; (b) categories and approximate number of Data Subjects affected; (c) approximate volume of Personal Data records affected; and (d) measures taken or proposed to address the incident.

7.2 Cooperation

Atrios shall cooperate in good faith with Client’s reasonable requests in connection with any Security Incident investigation, notification obligations, and remediation efforts. Notification does not constitute an admission of fault or liability.

8. Sub-Processors

8.1 Authorized Sub-processors

Client hereby authorizes Atrios to engage the Sub-processors listed in Annex C for the purposes described therein. Atrios shall impose data protection obligations on each Sub-processor no less protective than those in this DPA.

8.2 Changes

Atrios will provide at least thirty (30) days’ prior written notice before adding or replacing a material Sub-processor. Client may object in writing within fourteen (14) days on reasonable data protection grounds. If unresolved within fifteen (15) days of the objection, either party may terminate the applicable Order Form on written notice, with Client receiving a pro-rata refund of prepaid fees.

8.3 Liability

Atrios shall remain liable to Client for the acts and omissions of its Sub-processors to the same extent as if performing such processing directly, subject to the Agreement’s liability limitations.

9. Data Subject Rights

Atrios shall provide Client with reasonable technical and organizational assistance to fulfill Client’s obligations to respond to Data Subject requests under Applicable Data Protection Law. If Atrios receives a request directly from a Data Subject relating to Client-provided Personal Data, Atrios shall promptly forward it to Client and shall not respond substantively unless authorized in writing by Client or required by law.

10. International Data Transfers

Personal Data processed under this DPA is stored and processed in the United States. To the extent Client provides Personal Data originating from the EEA, UK, or other jurisdiction with data transfer restrictions, the parties agree to execute any required transfer mechanisms (such as Standard Contractual Clauses) as a separate addendum upon Client’s written request.

11. Retention & Deletion

11.1 Retention

Atrios will retain Client-provided Personal Data only as long as necessary to perform the Services or as required by applicable law.

11.2 Return or Deletion

Upon termination or expiration of the Agreement, or upon Client’s written request, Atrios shall delete or return Client-provided Personal Data within sixty (60) days and delete any remaining copies, unless Applicable Data Protection Law requires continued retention. Atrios shall certify such deletion upon written request.

12. Security Reports & Assessments

In lieu of a physical audit, Atrios will satisfy Client’s audit and assessment rights as follows:

  • Upon written request (no more than once per calendar year), Atrios shall provide Client with its most recent SOC 2 Type 2 report, or, while the audit is in progress, a summary of its current security posture and audit engagement status.
  • All reports and security information shared under this Section are Confidential Information and may only be used by Client to assess Atrios’s compliance with this DPA.
  • If a SOC 2 Type 2 report does not adequately address a specific compliance concern raised in good faith, the parties will cooperate to address it through alternative means, such as a security questionnaire.

13. Cooperation with Regulators

Each party shall reasonably cooperate with the other in responding to requests or investigations from data protection authorities relating to the processing of Personal Data under this DPA.

14. California Privacy Rights Act (CCPA/CPRA)

To the extent Applicable Data Protection Law includes the CCPA/CPRA:

  • Atrios is a “service provider” (as defined under CCPA/CPRA) with respect to Client-provided Personal Data and shall not sell or share such data for cross-context behavioral advertising;
  • Atrios shall not retain, use, or disclose Client-provided Personal Data outside the scope of the Agreement and this DPA, or for Atrios’s own commercial purposes beyond performing the Services;
  • Atrios certifies that it understands and will comply with its obligations under CCPA/CPRA; and
  • Atrios shall assist Client in responding to verifiable Consumer requests relating to Personal Data processed by Atrios on Client’s behalf.

15. General Provisions

15.1 Order of Precedence

In the event of a conflict between this DPA and the Agreement regarding data processing matters, this DPA controls. All other terms of the Agreement remain in full force.

15.2 Governing Law

This DPA is governed by the same governing law and jurisdiction as the Agreement (Delaware law).

15.3 Severability

If any provision of this DPA is held invalid or unenforceable, it shall be modified to the minimum extent necessary to be enforceable, and remaining provisions shall continue in full force.

15.4 Updates

Atrios may update this DPA from time to time to reflect changes in Applicable Data Protection Law, the Services, or Atrios’s data practices, with at least thirty (30) days’ prior written notice of material changes. Continued use of the Services following such notice constitutes acceptance.

Annex A — Processing Activities

Processing Activity | Details
Subject Matter | Processing of Client-provided account data to perform the Services: matching prospective accounts to Tastemakers, facilitating warm introductions, scheduling qualified meetings, recording meeting outcomes, and delivering structured “Buy or Why” feedback.
Nature of Processing | Collection and storage of Client-provided account data; matching against Tastemaker social graph connections; disclosure of limited match information to Tastemakers (account name, company, and target contact title/role only, where a direct graph overlap exists); recording of meeting scheduling metadata and outcomes; deletion or return upon termination.
Purpose of Processing | To perform the Services as described in the Agreement and applicable Order Form: enabling Tastemakers to make targeted warm introductions to Client’s prospective accounts, facilitating qualified meetings, and capturing structured outcome feedback for Client’s benefit.
Duration | For the duration of the Agreement and such additional period as necessary to comply with applicable law or retention obligations.
Categories of Personal Data | Client-provided account-level data, limited to: (a) account name; (b) domain; (c) website URL; and (d) account status designation (the CRM field identifying an account as a customer, prospect, or lead). Meeting scheduling metadata (dates, times, calendar identifiers) and meeting outcome data (attendance, outcome designation, structured feedback notes) generated through use of the Services. Atrios does not receive individual contact information such as personal email addresses or phone numbers from Client.
Special Categories | None. Client shall not submit Special Categories of Personal Data (as defined under GDPR Article 9) without a separate written agreement.
Categories of Data Subjects | Client-designated prospective accounts and their associated contacts, to the extent such contacts are identified through Tastemaker social graph matching; Client’s employees and authorized platform users.
Transfers | Personal Data is processed and stored in the United States. Cross-border transfers are subject to Section 10 of this DPA.

Annex B — Security Measures

Atrios maintains the following technical and organizational security measures. Atrios is currently undergoing a SOC 2 Type 2 audit using Vanta as its compliance automation platform.

Access Controls

  • Role-based access controls limiting access to Personal Data to authorized personnel on a need-to-know basis
  • Multi-factor authentication required for access to systems processing Personal Data
  • Regular access reviews and prompt revocation upon personnel departure or role change

Data Security

  • Encryption of Personal Data in transit using TLS 1.2 or higher
  • Encryption of Personal Data at rest using industry-standard algorithms
  • Logical separation of Client data within multi-tenant infrastructure

Organizational Measures

  • Personnel training on data protection obligations and security practices
  • Confidentiality obligations for all personnel with access to Personal Data
  • Designated internal responsibility for data protection compliance

Incident Management

  • Documented Security Incident response procedures
  • Monitoring and alerting for unauthorized access attempts
  • Post-incident review and remediation processes

Vendor Management

  • Due diligence on Sub-processors prior to engagement
  • Data processing agreements with all Sub-processors
  • Periodic review of Sub-processor security posture

Annex C — Authorized Sub-Processors

The following Sub-processors are authorized as of the Last Updated date above. Atrios will provide notice of material changes in accordance with Section 8.2.

Sub-processor | Entity / Jurisdiction | Processing Purpose | Data Processed
Amazon Web Services (AWS) | Amazon Web Services, Inc. / USA | Cloud hosting and storage of all platform data | All categories of Personal Data processed by the Atrios Platform
Nango | Nango, Inc. / USA | Unified API integration middleware enabling secure CRM and third-party data source connections on behalf of Client | Client-provided account data transmitted via CRM integrations (account name, domain, website URL, account status)
Nylas | Nylas, Inc. / USA | Email and calendar API infrastructure supporting meeting scheduling and calendar metadata processing | Meeting scheduling metadata (dates, times, calendar identifiers); limited contact metadata associated with calendar events
Whop | Whop, Inc. / USA | Payment processing for platform subscription fees and bounty transactions | Billing and transaction metadata; limited contact information for invoicing purposes

* This list is subject to change in accordance with Section 8.2.
