INBOXLY LLC

DATA PROCESSING ADDENDUM

Last Updated on: September 1, 2025

What Is This Document?

Inboxly LLC (“Inboxly”, “we”, “our” or “us”) entered into an Order Form and a Terms of Service (collectively, the “Agreement”) with the entity or organization named in the Order Form (“User", “you”, “your”, or “yours”) for the provision of our Services to you. Unless otherwise specified herein, capitalized terms shall have the same meanings as set forth in the Agreement.  

This document is a binding contract that explains our responsibilities for protecting the personal data you provide to us when you use the Inboxly Services. It is automatically part of your main agreement with Inboxly. This DPA (as defined below) ensures that we handle data in compliance with major privacy laws like Europe's General Data Protection Regulation (“GDPR”) and California's Consumer Privacy Act (“CCPA”).

  

Agreement

This Data Processing Addendum (this “DPA”) between you and Inboxly (each a “Party” and collectively the “Parties”) is incorporated into and shall form part of the Agreement. Signatures of assent of the Parties to the Agreement will be deemed signature to, and acceptance and agreement of, this DPA. In the event of a conflict between any of the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail.

Understanding Our Roles (Who's in Charge of the Data?)

  • We Are Your "Processor": When we handle the data you submit to us (like your prospect lists for email campaigns or enrichment), you are the “Controller” (the one in charge), and we are the “Processor”. This means we only act on your instructions.

  • We do not sell, share, or use your data for advertising or unrelated purposes.

Our Responsibilities When Handling Your Data

When we act as your Processor, we will:

  • Follow Your Instructions: We will only process your data to provide the services you signed up for and according to your instructions.

  • Maintain Appropriate Security: We use appropriate technical and organizational security measures to protect your data from unauthorized access, loss, or destruction. These include access controls, encryption, and incident detection systems.

  • Ensure Confidentiality: Our employees who have access to your data are bound by strict confidentiality duties.

  • Notify You of Data Breaches: We will notify you without undue delay (and within 72 hours) if we become aware of a security incident involving your data and will provide details, mitigation steps, and reasonable cooperation in your response.  

  • Manage Our Vendors (Sub-processors):

    • We use other trusted companies (like cloud hosting providers) to help us deliver our services.

    • We will notify you at least 30 days before adding a new sub-processor, and you have the right to object and receive a pro-rated refund.

    • We remain liable to you for the actions of our sub-processors.

  • Assist with Data Subject Rights: We will provide reasonable help so you can respond to requests from individuals who want to exercise their data rights (e.g., a request to delete their information).

  • Handle International Data Transfers Legally: We use legally approved mechanisms to transfer data from regions like Europe, the UK, and Switzerland to the U.S. This is done through our certification with the Data Privacy Framework and by incorporating the Standard Contractual Clauses (SCCs) into our agreement with you.

  • Handle Government Access Requests: We will notify you of any request for the disclosure of Customer personal data by a governmental or regulatory body or law enforcement authority (including any data protection supervisory authority) unless otherwise prohibited by law or a legally binding order of such body or agency.

  • Delete Your Data on Request: When you terminate your agreement, you can choose to have us delete or return all your personal data within 90 days of termination.

Your Responsibilities as the Controller

  • You are responsible for ensuring you have the legal right (like providing necessary notices or getting consent) to collect the personal data you provide to us.

  • You must handle data subject requests and comply with your own obligations under applicable data protection laws.

Limitation of Liability

Notwithstanding anything to the contrary in the Agreement or this DPA, each party’s entire liability, taken together in the aggregate, arising out of or relating to this DPA, the Standard Contractual Clauses, and any other data protection agreements or security addendum signed by the parties (“Ancillary Agreement”) in connection with the Agreement (if any), whether in contract, tort, or under any other theory of liability, is subject to the exclusions and limitations on liability section in the Agreement, and any reference in such section to the liability of a party means the total aggregate liability of that party under the Agreement, this DPA and any Ancillary Agreement (if any) together.

Governing Law

This DPA is governed by the same law and jurisdiction as the Agreement.



‹ General Terms and Conditions