Skip to content

Data Processing Agreement (DPA)

Last updated: March 2026

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between ScoutRadar.ai ("Processor") and the Customer ("Controller") and governs the processing of personal data on behalf of the Controller in connection with the services provided by the Processor.

2. Definitions

Personal Data means any information relating to an identified or identifiable natural person.

Processing means any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.

Data Subject means the individual to whom Personal Data relates.

3. Subject Matter and Duration

The Processor will process Personal Data as necessary to provide the services described in the Terms of Service for the duration of the Customer's subscription.

4. Nature and Purpose of Processing

The Processor will process contact information (names, email addresses, phone numbers, job titles) sourced from public web pages for the purpose of providing contact discovery services to the Controller.

5. Categories of Data Subjects

Employees and representatives of organizations whose information is publicly available on the web.

6. Obligations of the Processor

The Processor agrees to:

  • Process Personal Data only on the Controller's documented instructions.
  • Ensure personnel authorized to process Personal Data are under confidentiality obligations.
  • Implement appropriate technical and organizational security measures.
  • Assist the Controller in responding to Data Subject requests.
  • Delete or return all Personal Data upon termination of services.
  • Provide all information necessary to demonstrate compliance with GDPR Article 28.

7. Sub-processors

The Processor uses the following sub-processors:

  • Stripe, Inc. — payment processing
  • Cloud hosting provider — infrastructure

The Processor will notify the Controller of any intended changes to sub-processors, giving the Controller the opportunity to object.

8. Security

The Processor implements industry-standard security measures including encryption at rest and in transit, access controls, audit logging, and regular security assessments.

9. Data Subject Rights

Data Subjects may submit removal requests via the Data Removal Request form. The Processor will fulfill verified requests within 30 days.

10. Governing Law

This DPA is governed by the laws of the United States and, where applicable, the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

To request a signed DPA for your organization, please contact us.