DATA PROCESSING ADDENDUM

Last Updated: November 28, 2025 | Effective: November 28, 2025

GrowthStack Data Processing Addendum

This Data Processing Addendum applies when GrowthStack processes personal data on behalf of a client located in the European Union or in regions that require similar protections.

1. Definitions

Controller: The client who determines the purpose and means of processing.
Processor: GrowthStack, which processes data on the client’s behalf.
Personal Data: Any information relating to an identified or identifiable individual.
Subprocessor: A third party engaged by GrowthStack to assist in processing.

2. Roles

The client is the Controller.
GrowthStack is the Processor.

GrowthStack processes personal data only as instructed by the client.

3. Nature and Purpose

GrowthStack processes personal data only to:

  • Provide GTM system support

  • Repair workflows

  • Fix routing and lead flow

  • Build automations

  • Provide reporting

  • Carry out tasks required by the client

GrowthStack does not process personal data for its own purposes.

4. Types of Data

Depending on the tools used, data may include:

  • Contact details stored in the client’s CRM

  • Lead and account information

  • Deal and activity data

  • Workflow-related metadata

  • User access or role information

GrowthStack does not collect sensitive personal data unless required by the client and permitted by law.

5. Security

GrowthStack will take reasonable technical and organizational steps to protect personal data from unauthorized access, loss, or misuse.

Access to client systems is limited to staff who need it to perform services.

6. Subprocessors

GrowthStack may use subprocessors for hosting, email, analytics, or administrative tools.
A current list is available upon request.

Subprocessors are required to follow data protection rules similar to those in this DPA.

7. International Transfers

If personal data is transferred outside the European Union, GrowthStack will use safeguards such as Standard Contractual Clauses or other approved mechanisms.

8. Client Responsibilities

The client is responsible for:

  • Ensuring lawful collection of personal data

  • Managing access rights inside their tools

  • Providing accurate instructions to GrowthStack

  • Complying with applicable privacy laws

9. Data Subject Rights

GrowthStack will assist the client in responding to data subject requests, including:

  • Access

  • Correction

  • Deletion

  • Restriction

  • Portability

  • Objection

GrowthStack will not respond directly to individuals unless instructed.

10. Data Retention

GrowthStack does not store personal data outside the client’s systems unless agreed.
Access to systems will be removed once the project ends.

11. Breach Notification

If GrowthStack becomes aware of a personal data breach affecting client data, we will notify the client without unnecessary delay and provide available information.

12. Termination

When the agreement ends, GrowthStack will delete or return any client data stored outside client systems. Access credentials must be revoked by the client.

13. Contact

For questions related to data protection:
Email: hello@growthstackhq.com