HPDash — Data Processing Addendum

Data Processing Addendum

Last updated: June 2026

This Data Processing Addendum (this "DPA") is an optional addendum to the HPDash Remote Terms of Service (the "Terms") between HPDash, LLC ("HPDash," "we," "us," or "our") and the business customer that accepts it (the "Customer," "you," or "your"). This DPA applies only where, and to the extent that, HPDash Processes Personal Data on the Customer's behalf in connection with the Service, and where Data Protection Laws (defined below) require an agreement of this kind.

This DPA is offered to business Customers and becomes binding when (a) the Customer accepts it through the HPDash account console or checkout flow, (b) an authorized signatory of each party signs the signature blocks at the end of this DPA, or (c) it is otherwise incorporated by reference into the Terms by mutual written agreement. Once accepted, this DPA is incorporated into and forms part of the Terms. Capitalized terms not defined in this DPA have the meaning given in the Terms, the HPDash Remote Acceptable Use Policy (the "AUP"), the HPDash Remote End User License Agreement (the "EULA"), or the HPDash Remote Privacy Policy, as applicable.

In the event of a conflict between this DPA and the Terms with respect to the Processing of Personal Data, this DPA controls. In all other respects, the Terms remain in full force and effect, including the disclaimers and the limitation of liability.

1. Definitions

For purposes of this DPA:

  • "CCPA" means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, and its implementing regulations.
  • "Controller" means the entity that, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. For Customer Personal Data Processed under this DPA, the Customer is the Controller (or, where the Customer is itself acting as a processor for a third party, the Customer is a processor and HPDash is a sub-processor; in that case the Customer represents that it has authority to engage HPDash and to give the instructions in this DPA).
  • "Customer Personal Data" means Personal Data that HPDash Processes on the Customer's behalf in the course of providing the Service, as further described in Section 3 and Annex 1.
  • "Data Protection Laws" means all laws and regulations applicable to the Processing of Personal Data under this DPA, including, where applicable, the EU General Data Protection Regulation 2016/679 ("EU GDPR"), the EU GDPR as incorporated into United Kingdom law ("UK GDPR"), and the CCPA.
  • "Data Subject" means an identified or identifiable natural person to whom Personal Data relates.
  • "Personal Data" means any information relating to a Data Subject that constitutes "personal data," "personal information," or an equivalent term under the applicable Data Protection Laws, and that is Processed under this DPA.
  • "Processing" (and "Process," "Processes," and "Processed") means any operation performed on Personal Data, whether or not by automated means, including collection, recording, organization, storage, retrieval, use, disclosure, transmission, routing, erasure, or destruction.
  • "Processor" means the entity that Processes Personal Data on behalf of the Controller. With respect to Customer Personal Data, HPDash acts as a Processor. Under the CCPA, HPDash acts as a "service provider."
  • "Service," "Software," "Operator," "Unit" and "Accessed Machine," "Owner," and the other capitalized product terms have the meanings given in the Terms. In summary: the "Service" is HPDash's hosted cloud relay/gateway that brokers the encrypted connection between an Operator Client and an Agent; the "Software" means the HPDash Remote Agent and the Operator Clients (for the HPDash Remote documents, this definition supersedes any more general definition of "Software" in the Terms or any HPDash site-wide terms); an "Operator" is an authorized user of the Customer; a "Unit" or "Accessed Machine" is a computer running the Agent that an Operator views or controls; and the "Owner" is the Customer's account administrator.
  • "Sub-processor" means any third party engaged by HPDash to Process Customer Personal Data on HPDash's behalf in connection with the Service.
  • "Standard Contractual Clauses" or "SCCs" means the standard contractual clauses for the transfer of personal data to third countries adopted by the European Commission in Implementing Decision (EU) 2021/914, as amended or replaced from time to time.
  • "UK Addendum" means the International Data Transfer Addendum to the EU Standard Contractual Clauses issued by the United Kingdom Information Commissioner under section 119A of the Data Protection Act 2018, as amended or replaced from time to time.

The terms "sell," "share," "business purpose," and "commercial purpose" have the meanings given to them in the CCPA.

2. Roles of the Parties

2.1 Allocation of roles. With respect to Customer Personal Data, the Customer is the Controller and HPDash is the Processor (a "service provider" under the CCPA). Where the Customer is an individual using the Service to access its own machines, this DPA applies only to the extent that the Customer is acting as a Controller of others' Personal Data; otherwise the Processing falls outside this DPA.

2.2 Customer responsibilities. The Customer is responsible for the lawfulness of the Personal Data it (and its Operators) makes available to HPDash through the Service and for having a valid legal basis for the Processing. As set out in the Terms, the AUP, and the EULA, the Customer represents and warrants that it is authorized to access each Unit and has obtained all necessary consents from the Unit's Owner and any users of the Unit, including any all-party consent required for the Audio and two-way Calling features. The Customer is responsible for providing any notices and obtaining any consents required from Data Subjects under Data Protection Laws.

2.3 HPDash responsibilities. HPDash will Process Customer Personal Data only as a Processor / service provider and only in accordance with this DPA and the Customer's documented instructions.

3. Subject Matter, Duration, Nature, and Purpose of Processing

3.1 Subject matter. The subject matter of the Processing is the Customer Personal Data described in Annex 1, Processed by HPDash in the course of providing the Service to the Customer.

3.2 Duration. HPDash will Process Customer Personal Data for the duration of the Customer's subscription to the Service and for any period thereafter described in Section 11 (Deletion and Return of Data) and in the HPDash Remote Privacy Policy.

3.3 Nature and purpose. The nature of the Processing is the automated relaying and routing of encrypted remote-access sessions between Operator Clients and Agents, and the operation, security, support, and billing of the Service. The purpose of the Processing is to provide the Service to the Customer in accordance with the Terms, including: brokering the encrypted connection between an Operator Client and an Agent; authenticating Operators and Units; routing session traffic; preventing and investigating abuse; providing support; and administering subscriptions and billing.

3.4 Categories of Data Subjects. The Customer Personal Data Processed under this DPA relates to the following categories of Data Subjects:

  • (a) the Customer's Operators and account administrators (Owners) — the authorized users of the Service; and
  • (b) the Owners and users of the Units / Accessed Machines that Operators connect to through the Service.

3.5 Categories of Personal Data. The categories of Personal Data are described in Annex 1 and consist principally of account identifiers and connection metadata.

3.6 Session content is end-to-end encrypted and not accessible to HPDash. Session content — screen video, keystrokes, mouse input, transferred files, and audio — is end-to-end encrypted between the Operator Client and the Agent using the Noise protocol with per-channel and per-session keys. The Service relays only ciphertext. HPDash cannot read the screen, keystrokes, transferred files, or audio of a session, and HPDash does not store session content. The Service is not designed to access the unencrypted content of a session. Accordingly, session content is not Customer Personal Data Processed by HPDash under this DPA, and is not included in the categories described in Annex 1. To the extent any Personal Data is contained within session content, the Customer Processes that data using the Software in a manner that is not accessible to HPDash.

3.7 Sensitive data. The Service is not intended for, and the Customer must not use it to cause HPDash (as opposed to the Customer's own end-to-end encrypted session use) to Process special categories of Personal Data within the meaning of Article 9 of the EU GDPR or UK GDPR.

4. Processing on Documented Instructions

4.1 HPDash will Process Customer Personal Data only on the documented instructions of the Customer, including with regard to international transfers, unless required to do otherwise by applicable law to which HPDash is subject. The Customer's documented instructions are constituted by the Terms, this DPA, the Customer's configuration and use of the Service, and any further written instructions agreed by the parties. HPDash will not retain, use, disclose, or otherwise Process Customer Personal Data for any purpose other than the specific purpose of performing the Service, or otherwise as permitted by the CCPA; HPDash will not "sell" or "share" Customer Personal Data and will not Process it outside the direct business relationship between the parties or for any commercial purpose other than providing the Service.

4.2 If HPDash is required by applicable law to Process Customer Personal Data other than as instructed, HPDash will, to the extent legally permitted, inform the Customer of that legal requirement before Processing.

4.3 HPDash will promptly inform the Customer if, in HPDash's opinion, an instruction infringes Data Protection Laws. HPDash is not obligated to perform a legal review of the Customer's instructions and makes no representation that an absence of notice means an instruction complies with law.

5. Confidentiality of Personnel

HPDash will ensure that persons authorized to Process Customer Personal Data are subject to an appropriate duty of confidentiality (whether a contractual or statutory duty) and Process Customer Personal Data only on HPDash's instructions consistent with this DPA. HPDash will limit access to Customer Personal Data to personnel who need access to provide, secure, support, or bill the Service.

6. Security Measures (Article 32)

6.1 Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the Processing, as well as the risk to Data Subjects, HPDash implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as further described in Annex 2 (Technical and Organizational Measures). These measures include, without limitation:

  • (a) End-to-end encryption of session content. Screen video, keystrokes, mouse input, transferred files, and audio are end-to-end encrypted between the Operator Client and the Agent using the Noise protocol with per-channel / per-session keys. The hosted Service relays only ciphertext and cannot read or store session content.
  • (b) Strong, standard cryptography in transit. HPDash uses standard, published cryptographic algorithms, including the Noise protocol, X25519 key agreement, AES, and ChaCha20-Poly1305.
  • (c) Hardened credential storage. Account passwords are stored only as Argon2id hashes with an out-of-database pepper. Access, refresh, and enrollment tokens, and per-Unit connection passwords, are stored only as hashes.
  • (d) Access controls. Capability-gated, per-Operator-per-Unit authorization governs what each Operator may do on each Unit (for example View, Control, File transfer, Terminal, Unattended access, Audio, Calling, and remote Reboot/Shutdown), and internal access to systems that handle Customer Personal Data is restricted to authorized personnel.
  • (e) Identifiable, non-covert Agent. The unattended Agent runs as a Windows service that is identifiable and removable and is not designed to hide its presence.
  • (f) Logging for routing, abuse-prevention, and support, and measures designed to preserve the confidentiality, integrity, availability, and resilience of the Service.

6.2 The Customer is responsible for the security configuration within its control, including managing Operator accounts, seat assignments, capability grants, per-Unit connection passwords, and the security of the Operator Clients and Units it operates.

7. Sub-processors

7.1 General authorization. The Customer provides a general authorization for HPDash to engage Sub-processors to Process Customer Personal Data in connection with the Service. The Sub-processors engaged as of the effective date of this DPA are listed in Annex 3.

7.2 Equivalent terms. Where HPDash engages a Sub-processor, HPDash will impose on that Sub-processor, by written contract, data-protection obligations that are substantially the same as, and in any event no less protective than, those set out in this DPA, including appropriate security measures. HPDash remains responsible to the Customer for the performance of each Sub-processor's obligations.

7.3 Change notice and objection. HPDash will give the Customer at least [NUMBER] days' prior notice (for example, by updating Annex 3 or the online Sub-processor list at [SUB-PROCESSOR LIST URL] and notifying the Owner's contact email) before adding or replacing a Sub-processor that Processes Customer Personal Data. The Customer may object to a new Sub-processor on reasonable, documented data-protection grounds within [NUMBER] days of the notice. The parties will work in good faith to resolve the objection. If the parties cannot resolve the objection, the Customer may, as its sole remedy, terminate the affected portion of the Service that cannot be provided without the Sub-processor by giving written notice, subject to the Terms.

8. Assistance with Data-Subject Requests

8.1 Taking into account the nature of the Processing, HPDash will provide reasonable assistance to the Customer, by appropriate technical and organizational measures and insofar as possible, to enable the Customer to respond to requests from Data Subjects to exercise their rights under Data Protection Laws (including rights of access, rectification, erasure, restriction, portability, and objection).

8.2 If HPDash receives a request from a Data Subject relating to Customer Personal Data, HPDash will not respond directly except to confirm that the request should be directed to the Customer, and will, to the extent legally permitted, promptly forward the request to the Customer. Because session content is end-to-end encrypted and not accessible to HPDash, HPDash's assistance is limited to the account identifiers and connection metadata that HPDash actually Processes.

9. Assistance with Breach Notification, DPIAs, and Consultation

9.1 Personal data breach. HPDash will notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer Personal Data. The notification will include, to the extent then known and reasonably available to HPDash, the nature of the breach, the categories and approximate number of Data Subjects and records concerned, the likely consequences, and the measures taken or proposed to address it. HPDash will provide reasonable assistance to the Customer in meeting the Customer's own breach-notification obligations to supervisory authorities and Data Subjects. HPDash's notification is not an acknowledgment of fault or liability.

9.2 DPIAs and prior consultation. Taking into account the nature of the Processing and the information available to HPDash, HPDash will provide the Customer with reasonable assistance with data protection impact assessments and prior consultations with supervisory authorities that the Customer is required to carry out under Data Protection Laws, to the extent such assessments relate to HPDash's Processing of Customer Personal Data.

10. Audits and Demonstration of Compliance

10.1 HPDash will make available to the Customer information reasonably necessary to demonstrate compliance with the obligations set out in this DPA and in Article 28 of the EU GDPR and UK GDPR.

10.2 HPDash will allow for and contribute to audits, including inspections, conducted by the Customer or an independent auditor mandated by the Customer, subject to the following: audits will be conducted on reasonable prior written notice of at least [NUMBER] days; no more than once per twelve (12) month period (except where required by a supervisory authority or following a personal data breach affecting Customer Personal Data); during normal business hours; in a manner that does not unreasonably disrupt HPDash's operations or compromise the security or confidentiality of other customers' data; and subject to appropriate confidentiality obligations. HPDash may satisfy an audit request by providing relevant documentation, written responses, or available third-party reports or certifications where they reasonably address the Customer's request. The Customer bears its own costs and HPDash's reasonable costs for any audit beyond the provision of standard documentation.

11. Deletion and Return of Data

11.1 Upon termination or expiry of the Customer's subscription to the Service, HPDash will, at the Customer's choice, delete or return Customer Personal Data Processed on the Customer's behalf, and delete existing copies, unless applicable law requires continued storage. Because session content is end-to-end encrypted and not stored by the Service, this Section applies to the account identifiers and connection metadata that HPDash actually Processes.

11.2 HPDash may retain Customer Personal Data to the extent and for the period required by applicable law, or as necessary for billing, dispute resolution, security, or abuse-prevention records, in which case HPDash will continue to protect that data in accordance with this DPA and limit Processing to the purpose of the retention. Specific retention periods are described in the HPDash Remote Privacy Policy.

12. International Transfers

12.1 General. HPDash and its Sub-processors are located in or may Process Customer Personal Data in the United States. The Customer authorizes the transfer of Customer Personal Data to the United States and to the locations of the Sub-processors listed in Annex 3, subject to the safeguards in this Section. The transfer mechanisms in Sections 12.2 and 12.3 apply only where, and to the extent that, the Customer's use of the Service brings Personal Data subject to the EU GDPR or UK GDPR within the scope of this DPA; HPDash does not by this DPA represent that it operates an active EU or UK transfer program independent of such use.

12.2 EU transfers. Where HPDash Processes Customer Personal Data subject to the EU GDPR and transfers it to a country that has not been recognized by the European Commission as providing an adequate level of protection, the Standard Contractual Clauses are incorporated into this DPA by reference and apply to that transfer. For these purposes: Module Two (Controller to Processor) applies where the Customer is a Controller and HPDash is a Processor, and Module Three (Processor to Processor) applies where the Customer is itself a processor and HPDash is a sub-processor; the Customer is the "data exporter" and HPDash is the "data importer"; the optional docking clause applies; the option for general sub-processor authorization in Clause 9 applies, consistent with Section 7; in Clause 17, the governing law is the law of the Republic of Ireland; in Clause 18, the courts of Ireland have jurisdiction; and Annexes 1, 2, and 3 of this DPA populate the corresponding annexes of the SCCs.

12.3 UK transfers. Where HPDash Processes Customer Personal Data subject to the UK GDPR and transfers it to a country that has not been recognized by the United Kingdom as providing an adequate level of protection, the SCCs as described in Section 12.2 apply as varied by the UK Addendum, which is incorporated into this DPA by reference. For the UK Addendum: the start date is the effective date of this DPA; Tables 1, 2, and 3 are populated by the parties' details and the annexes of this DPA; and in Table 4, neither party may end the UK Addendum except as permitted by it.

12.4 Alternative mechanisms. If the SCCs or the UK Addendum are invalidated, replaced, or no longer provide a valid transfer mechanism, the parties will work in good faith to implement an alternative lawful transfer mechanism.

13. CCPA Service-Provider Terms

13.1 To the extent HPDash Processes Personal Data that is subject to the CCPA on the Customer's behalf, HPDash acts as a "service provider" and the following apply:

  • (a) HPDash will not "sell" or "share" Customer Personal Data as those terms are defined in the CCPA;
  • (b) HPDash will not retain, use, or disclose Customer Personal Data for any purpose other than the specific business purpose of performing the Service specified in this DPA and the Terms, including not retaining, using, or disclosing it for a commercial purpose other than providing the Service;
  • (c) HPDash will not retain, use, or disclose Customer Personal Data outside the direct business relationship between HPDash and the Customer;
  • (d) HPDash will not combine Customer Personal Data with personal information it receives from, or on behalf of, another person, or collects from its own interaction with a consumer, except as permitted by the CCPA;
  • (e) HPDash certifies that it understands the restrictions in this Section and will comply with them; and
  • (f) HPDash will notify the Customer if it determines it can no longer meet its obligations under the CCPA, and the Customer may take reasonable and appropriate steps to stop and remediate unauthorized use of Customer Personal Data.

13.2 The Customer may take reasonable and appropriate steps to help ensure that HPDash uses Customer Personal Data in a manner consistent with the Customer's obligations under the CCPA.

14. Liability

Each party's liability arising out of or related to this DPA, whether in contract, tort, or any other theory of liability, is subject to the disclaimers and the limitations and exclusions of liability set out in the Terms, and any reference in those limitations to liability arising out of or relating to the Terms or the Service is deemed to include liability arising out of or relating to this DPA. Without limiting the foregoing, HPDash's total aggregate liability under this DPA and the Terms, taken together, will not exceed the fees you actually paid to HPDash for the Service in the twelve (12) months immediately preceding the event giving rise to the claim, and in no event will HPDash be liable for any indirect, incidental, special, consequential, or exemplary damages, or for lost profits, to the extent permitted by applicable law. Consistent with the Terms, this limitation does not apply to, and does not cap, the Customer's indemnification obligations, the Customer's payment obligations, or the Customer's liability for breach of the authorization-and-consent representation, the AUP, or violations of law or third-party intellectual-property rights. This Section does not limit either party's liability to a Data Subject under Data Protection Laws to the extent such liability cannot be limited by agreement.

15. Term, Conflict, and Miscellaneous

15.1 This DPA takes effect on the date it is accepted or signed and continues for so long as HPDash Processes Customer Personal Data on the Customer's behalf.

15.2 In the event of a conflict between this DPA and the Terms regarding the Processing of Personal Data, this DPA controls. In the event of a conflict between this DPA and the Standard Contractual Clauses or the UK Addendum, the SCCs or the UK Addendum (as applicable) control with respect to the transfer they govern.

15.3 This DPA is governed by and construed in accordance with the governing law and venue provisions of the Terms, except where Data Protection Laws or the SCCs require otherwise (including the governing law and jurisdiction designated for the SCCs in Section 12). For reference, the Terms provide that they are governed by the laws of the State of Oregon, without regard to its conflict-of-laws principles, with exclusive venue in the state or federal courts located in the State of Oregon. The informal-resolution and any arbitration provisions of the Terms apply to disputes arising out of or relating to this DPA in the same manner as they apply to disputes under the Terms, except for any transfer governed by the SCCs or the UK Addendum, where the governing law and forum designated in those instruments control as provided in Section 12.

15.4 We may update this DPA from time to time to reflect changes in the Service, Sub-processors, or Data Protection Laws. Material changes take effect when posted with an updated "Last updated" date or as otherwise notified to the Owner's contact, and the Customer's continued use of the Service constitutes acceptance of the revised DPA, except that changes to the SCCs or the UK Addendum will be made only as permitted by those instruments.

15.5 This DPA, together with the Terms, the AUP, the EULA, the HPDash Remote Privacy Policy, and the annexes and clauses incorporated by reference (including the Standard Contractual Clauses and the UK Addendum), constitutes the entire agreement between the parties regarding the Processing of Customer Personal Data and supersedes any prior agreement on that subject.

Signature Blocks

By signing below, each party agrees to be bound by this DPA, including the annexes and the Standard Contractual Clauses and UK Addendum incorporated by reference.

HPDash, LLC (Processor / service provider; data importer)

  • Signature: ______________________________
  • Name: [NAME]
  • Title: [TITLE]
  • Date: [DATE]

Customer (Controller / business; data exporter)

  • Entity name: [CUSTOMER LEGAL ENTITY NAME]
  • Signature: ______________________________
  • Name: [NAME]
  • Title: [TITLE]
  • Date: [DATE]
  • Notice email: [CUSTOMER CONTACT EMAIL]

Annex 1 — Description of Processing

Categories of Data Subjects:

  • The Customer's Operators and account administrators (Owners) — authorized users of the Service.
  • The Owners and users of the Units / Accessed Machines that Operators connect to through the Service.

Categories of Personal Data:

  • Account data: Operator and Owner identifiers, including username and email address, and Argon2id password hashes (stored as hashes only).
  • Tenant / billing data: tenant (shop) record, billing email, subscription status and "paid-through" state, and order/payment metadata sourced from Squarespace and Stripe. HPDash does not store full payment card numbers.
  • Connection metadata: per-session metadata used for routing, abuse-prevention, and support, including room/Unit identifiers, IP addresses, timestamps, byte counts, and connection events.
  • Credential hashes: access, refresh, and enrollment tokens and per-Unit connection passwords, stored as hashes only.

Excluded from this Annex (not Processed by HPDash): Session content — screen video, keystrokes, mouse input, transferred files, and audio — is end-to-end encrypted between the Operator Client and the Agent and is not accessible to, or stored by, HPDash.

Special categories of Personal Data: None intended; the Service is not designed for HPDash to Process special-category data.

Nature and purpose of Processing: Relaying and routing of encrypted remote-access sessions; authentication of Operators and Units; abuse-prevention; support; and subscription and billing administration, as described in Section 3.

Duration of Processing: For the term of the Customer's subscription and any retention period described in Section 11 and the HPDash Remote Privacy Policy.

Frequency of transfer: Continuous, for the duration of the subscription.

For the SCCs:

  • Competent supervisory authority (Module Two/Three): [SUPERVISORY AUTHORITY — to be determined per Clause 13 / Annex; e.g., the supervisory authority of the EU member state of the data exporter's representative].

Annex 2 — Technical and Organizational Measures (TOMs)

HPDash implements the following technical and organizational measures, as appropriate to the nature of the Service and the risk to Data Subjects:

1. Encryption of session content (confidentiality).

  • End-to-end encryption of all session content (screen video, keystrokes, mouse input, transferred files, and audio) between the Operator Client and the Agent using the Noise protocol with per-channel / per-session keys.
  • The hosted Service relays only ciphertext and cannot decrypt or store session content.

2. Cryptography.

  • Standard, published algorithms: Noise protocol, X25519 key agreement, AES, and ChaCha20-Poly1305.

3. Credential and secret storage.

  • Account passwords stored only as Argon2id hashes with an out-of-database pepper.
  • Access, refresh, and enrollment tokens, and per-Unit connection passwords, stored only as hashes.

4. Access control and authorization.

  • Capability-gated, per-Operator-per-Unit authorization for each capability (View, Control, File transfer, Terminal, Unattended access, Audio, Calling, Reboot/Shutdown).
  • Internal access to systems Processing Customer Personal Data limited to authorized personnel on a need-to-know basis, subject to confidentiality obligations.

5. Transparency and integrity of the Agent.

  • The unattended Agent runs as an identifiable, removable Windows service and is not designed to hide its presence.

6. Logging, monitoring, and abuse-prevention.

  • Connection metadata logging for routing, abuse-prevention, and support.

7. Pseudonymization and data minimization.

  • The architecture minimizes the Personal Data accessible to HPDash; session content is not accessible to HPDash, and credentials and tokens are stored only as hashes.

8. Availability and resilience.

  • Measures designed to maintain the availability and resilience of the Service. [CUSTOMER TO REVIEW; HPDash makes no specific uptime or availability commitment except as stated in the Terms or an applicable service-level agreement, if any.]

9. Sub-processor management.

  • Written contracts with Sub-processors imposing data-protection obligations no less protective than this DPA, as described in Section 7.

10. Incident response.

  • Procedures for identifying and responding to personal data breaches and notifying affected Customers, as described in Section 9.

Annex 3 — Sub-processor List

As of the "Last updated" date above, HPDash engages the following Sub-processors to Process Customer Personal Data in connection with the Service. The current list is also maintained at [SUB-PROCESSOR LIST URL].

| Sub-processor | Service provided | Processing / data categories | Location |
|---|---|---|---|
| [HOSTING / VPS PROVIDER NAME] | Hosting and operation of the relay/gateway infrastructure (the Service) | Connection metadata (room/Unit identifiers, IP addresses, timestamps, byte counts, connection events); account and tenant records as stored on hosted infrastructure | [LOCATION / REGION] |
| Squarespace, Inc. | Storefront, order processing, and billing | Order and payment metadata; billing email (no full card numbers) | United States |
| Stripe, Inc. | Payment processing | Payment metadata; card data is collected and processed by Stripe (HPDash does not store full card numbers) | United States |
| Mobile carriers (transport) | Cellular data transport for the managed connectivity used by Units / Operators | Network transport of encrypted traffic; carrier-level connection metadata | [CARRIERS / REGIONS] |

HPDash will update this Annex (or the online Sub-processor list at [SUB-PROCESSOR LIST URL]) when it adds or replaces a Sub-processor, and will provide notice and an objection right as described in Section 7.

HPDash, LLC · craig@hpdash.com / legal@hpdash.com · 1 (541) 708-1710 · 5441 S Macadam Ave Ste N, Portland, OR 97239, USA