This Data Processing Agreement ("DPA") forms part of the Terms of Service between Growth Copilot ("Processor") and you ("Controller") for the provision of our LinkedIn automation and CRM services.
This DPA applies where and only to the extent that we process Personal Data on your behalf in the course of providing our Services, and such Personal Data is subject to the European Union General Data Protection Regulation ("GDPR") or other applicable data protection laws.
3.1 Categories of Data Subjects
- LinkedIn contacts and connections
- Prospects and leads
- Business contacts you interact with through our platform
3.2 Types of Personal Data
- Contact information (name, email, LinkedIn profile URL, job title)
- Professional information (company, industry, role)
- Communication history (messages, invitations)
- Engagement data (response rates, interaction metrics)
3.3 Purpose of Processing
- Providing LinkedIn automation and CRM services as described in our Terms of Service
- Facilitating communication between you and your contacts
- Generating analytics and insights
- AI-powered message generation and scoring
3.4 Duration of Processing
We will process Personal Data for the duration of your subscription plus 90 days for backup retention, unless otherwise required by law or requested by you.
You warrant and represent that:
- You have obtained all necessary consents and legal bases for the processing of Personal Data
- You will comply with all applicable data protection laws in your use of our Services
- You will respond to Data Subject requests in accordance with GDPR requirements
- You will not use our Services in a manner that violates any applicable laws
We implement the following security measures:
- Encryption of data in transit (TLS 1.3) and at rest
- Access controls and authentication mechanisms
- Regular security assessments and audits
- Incident response procedures
- Employee security training
- Backup and disaster recovery procedures
You authorize us to engage sub-processors for the processing of Personal Data. Current sub-processors include:
- Vercel - Cloud hosting and infrastructure (USA)
- Neon - Database services (USA/EU)
- Cloudflare - CDN and security (Global)
- Stripe - Payment processing (USA)
- Resend - Email services (USA)
- OpenAI - AI processing (USA)
- Anthropic - AI processing (USA)
- Sentry - Error monitoring (USA)
We will notify you of any intended changes to sub-processors and give you the opportunity to object.
We will assist you in fulfilling your obligations to respond to Data Subject requests including:
- Right of Access - Export your data via Settings > Privacy
- Right to Rectification - Update your profile information
- Right to Erasure - Delete your account via Settings > Privacy
- Right to Data Portability - Download your data in JSON format
- Right to Object - Contact us to object to processing
Personal Data may be transferred to and processed in countries outside the European Economic Area. We ensure appropriate safeguards are in place, including:
- EU-US Data Privacy Framework certifications
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules where applicable
In the event of a Personal Data breach, we will notify you without undue delay (within 72 hours where feasible) and provide:
- Description of the nature of the breach
- Categories and approximate number of Data Subjects affected
- Likely consequences of the breach
- Measures taken or proposed to address the breach
Upon reasonable request and subject to confidentiality obligations, we will make available information necessary to demonstrate compliance with this DPA. Audit requests should be directed to privacy@growthcopilot.io.
For any questions regarding this DPA or data protection: