Data Processing Addendum
The DPA governs how Sendlyst processes personal data on your behalf.
Roles
You (the customer) are the data controller. Sendlyst is the data processor.
Categories of data
Business contact data (email, name, company, title) uploaded by you. Engagement events (opens, clicks, replies, bounces).
Sub-processors
Current list available at privacy@sendlyst.com. We notify customers of new sub-processors 30 days in advance.
Security measures
Outlined in the Security page. Includes encryption, access control, monitoring, incident response.
Data subject rights
We provide tools for export, correction, and deletion. We assist with data subject access requests within 30 days.
International transfers
Standard Contractual Clauses (SCC) for transfers outside the EEA. EU data residency available on request.
Audit rights
SOC 2 Type II report available under NDA. On-site audits available for enterprise plans by appointment.
Signed copy
Request a counter-signed copy at legal@sendlyst.com.