Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Customer," "Data Controller") and MailCrow LLC ("MailCrow," "Data Processor").

"Personal Data" means any information relating to an identified or identifiable natural person.

"Processing" means any operation performed on Personal Data, including collection, use, storage, and deletion.

"Data Subject" means the individual to whom Personal Data relates.

This DPA applies to the Processing of Personal Data by MailCrow on behalf of Customer in connection with the provision of email validation services.

MailCrow will Process Personal Data only as necessary to provide the services and in accordance with Customer's documented instructions.

Subject Matter: Email validation and data quality services

Duration: For the term of the service agreement

Purpose: To validate email addresses and provide data quality insights

Categories of Data: Email addresses and related metadata

Categories of Data Subjects: Customer's contacts, leads, and subscribers

MailCrow agrees to:

• Process Personal Data only on documented instructions from Customer
• Ensure confidentiality of Personal Data
• Implement appropriate technical and organizational security measures
• Assist Customer in responding to Data Subject requests
• Notify Customer of any Personal Data breaches without undue delay
• Delete or return Personal Data upon termination of services

MailCrow implements the following security measures:

• Encryption of Personal Data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response procedures
• Regular backup and recovery testing

MailCrow may engage sub-processors to assist in providing services. Current sub-processors include:

• Amazon Web Services (cloud infrastructure)
• Cloudflare (content delivery and security)
• Stripe (payment processing)

Customer will be notified of any changes to sub-processors with at least 30 days' notice.

MailCrow will assist Customer in fulfilling Data Subject requests, including:

• Access to Personal Data
• Rectification of inaccurate data
• Erasure of Personal Data
• Restriction of Processing
• Data portability
• Objection to Processing

Personal Data is primarily processed within the United States. Any international transfers will be protected by appropriate safeguards as required by applicable data protection laws.

MailCrow will retain Personal Data only as long as necessary to provide services or as instructed by Customer.

Upon termination of services, MailCrow will delete or return all Personal Data within 30 days, unless longer retention is required by law.

MailCrow will make available to Customer information necessary to demonstrate compliance with this DPA and allow for audits by Customer or an authorized auditor.

Each party's liability under this DPA is subject to the limitation of liability provisions in the main service agreement.

For questions about this DPA or data protection matters, contact: