Data Processing Addendum (DPA) – Summary

Effective date: October 01, 2025

This page summarizes key terms of Salesly.ai's Data Processing Addendum ("DPA"). The DPA governs our processing of Personal Data on behalf of customers under applicable data protection laws (e.g., GDPR/UK GDPR, CPRA where acting as a service provider).

Roles

  • Customer: Controller (or Business) of Customer Personal Data.

  • Salesly: Processor (or Service Provider) for Customer Personal Data.

Subject Matter & Duration

Processing of Customer Personal Data as necessary to provide and support the Services, for the term of the customer agreement and for limited periods thereafter for compliance and dispute resolution.

Purpose & Nature

Providing, maintaining, securing, and improving the Services; customer-requested integrations; technical support; and other documented instructions.

Customer Instructions

We process Customer Personal Data only on documented instructions from Customer, including via product configurations and APIs.

Confidentiality & Security

Salesly ensures personnel confidentiality and maintains administrative, technical, and physical safeguards appropriate to the risk, including encryption in transit, access controls, logging/monitoring, and incident response.

Subprocessors

We maintain an up-to-date list of Subprocessors and provide advance notice of material changes. Customers may subscribe to updates and may object on reasonable grounds.

International Transfers

Where applicable, Salesly offers Standard Contractual Clauses (SCCs) and implements supplementary measures and transfer impact assessments as required.

Data Subject Requests

We assist Customers in responding to data subject requests (access, correction, deletion, restriction, portability, objection) by providing in-product tools and reasonable cooperation.

Audits & Certifications

Upon request and subject to confidentiality and frequency limits, we provide audit reports or allow Customer or its auditor to conduct reasonable audits. We may provide independent third-party reports (e.g., SOC 2 Type II, ISO 27001) if available.

Deletion & Return

At termination, we delete or return Customer Personal Data per Customer instruction, subject to legal retention obligations.

Incident Management

We notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Customer Personal Data and provide updates and remediation details.

Contact

Email: legal@salesly.ai

This summary is for convenience only. The legally binding terms are in the executed DPA.