Skip to main content
Prospct.io
Home/Legal

Data Processing Agreement

Last updated: July 1, 2026

This Data Processing Agreement ('DPA') forms part of the agreement between the customer ('Controller') and Prospct.io ('Processor') for the processing of personal data in connection with the Prospct.io platform.

1. Roles of the Parties

The Customer acts as Data Controller and Prospct.io acts as Data Processor with respect to personal data uploaded into or generated inside the Customer's workspace. For its own account and business operations, Prospct.io acts as an independent Controller.

2. Nature and Purpose of Processing

Prospct.io processes personal data only to provide, secure and improve the Services in accordance with the Customer's documented instructions, as set out in the main services agreement, the product documentation and configuration options selected by the Customer.

3. Data Subjects and Categories

  • Data subjects: the Customer's business contacts, prospects, employees, and end users.
  • Categories: business contact details (name, work email, phone, title, employer), enrichment attributes, workspace activity and audit metadata.

4. Subprocessors

The Customer authorizes Prospct.io to engage subprocessors to help deliver the Services. A current list of subprocessors is available on request. Prospct.io remains responsible for its subprocessors' compliance with this DPA and will give the Customer prior notice of any material change.

5. International Transfers

Where personal data is transferred from the EEA, UK or Switzerland to a country not covered by an adequacy decision, the parties rely on the appropriate Standard Contractual Clauses (SCCs) and, where required, additional safeguards. EU or US-only data residency is available for enterprise customers on request.

6. Security Measures

Prospct.io implements and maintains appropriate technical and organizational measures described on our Security page, including encryption in transit and at rest, access controls, monitoring, resilience and secure software development.

7. Data Subject Rights

Prospct.io will provide the Customer with reasonable assistance, taking into account the nature of the processing, to respond to data subject requests to exercise their rights under applicable law.

8. Personal Data Breach

Prospct.io will notify the Customer without undue delay after becoming aware of a personal data breach affecting the Customer's data, and provide information reasonably required for the Customer to meet its own notification obligations.

9. Return and Deletion

Upon termination of the Services, Prospct.io will delete or return personal data in accordance with the Customer's instructions, subject to any retention required by applicable law.

10. Audits

Prospct.io will make available to the Customer information necessary to demonstrate compliance with this DPA, and allow for audits, including inspections, conducted by the Customer or an auditor mandated by the Customer, subject to reasonable confidentiality and scheduling requirements.

11. Executing the DPA

Customers on an eligible plan may countersign this DPA by emailing privacy@prospct.io with their legal entity name and address.

Questions about this document? Email legal@prospct.io or visit our contact page.