Data Processing Addendum (DPA)

Effective date: June 1, 2026

1. Scope & Roles

This Data Processing Addendum (“DPA”) forms part of the Terms of Service between the customer (“Controller”) and iSpanify LLC (“Processor”). It applies where iSpanify processes personal data contained in Customer Data on the Controller’s behalf. A signed copy is available to customers on request.

2. Processing Details

• Subject matter: provision of the iSpanify Services.
• Duration: the term of the subscription, plus deletion/return periods.
• Nature & purpose: hosting and processing operational data to deliver the Services as instructed by the Controller.
• Data types: business contact details, employee/operational records, and similar data the Controller chooses to upload.
• Data subjects: the Controller’s personnel, contractors, and related individuals.

3. Processor Obligations

iSpanify will: process personal data only on the Controller’s documented instructions; ensure authorized persons are bound by confidentiality; implement appropriate technical and organizational security measures; and assist the Controller with data-subject requests and security obligations, taking into account the nature of processing.

4. Subprocessors

The Controller authorizes iSpanify to engage subprocessors (such as hosting, email, analytics, and payment providers) under written terms imposing data-protection obligations no less protective than this DPA. A current subprocessor list is available on request; we will give notice of material changes.

5. Security

iSpanify maintains administrative, technical, and organizational measures designed to protect personal data, including encryption in transit, access controls, and least-privilege permissions.

6. Data-Subject Requests & Breach

iSpanify will, to the extent legally permitted, promptly notify the Controller of data-subject requests it receives and provide reasonable assistance. iSpanify will notify the Controller without undue delay after becoming aware of a personal-data breach affecting Customer Data.

7. International Transfers

Where personal data is transferred across borders, the parties will rely on an appropriate transfer mechanism (such as the EU Standard Contractual Clauses), incorporated by reference where applicable.

8. Audits

Upon reasonable request and subject to confidentiality, iSpanify will make available information necessary to demonstrate compliance with this DPA.

9. Return & Deletion

On termination, iSpanify will, at the Controller’s choice, return or delete Customer Data within a reasonable period, except where retention is required by law.

Contact

Questions? Contact iSpanify LLC at hello@ispanify.com.