Sign In

Not sure what you need?

Contact sales

Find a plan that fits you

Get in touch with our experts to find a solution that suits your needs

Geofactor has rebranded to to better reflect our vision.

Check it out!

Data Processing Addendum Appendix 1 – Data Processing Addendum

Last Modified May 22nd, 2024 

This Data Processing Addendum (“DPA“) forms part of each agreement between you and Logic Sense LLC, a Delaware limited liability company doing business as, and its subsidiaries and affiliates (“”) that incorporates this DPA by reference (“Agreement”). This DPA applies only to’s Services and does not apply to any service the you purchase from any third party other than 

Capitalized terms used herein without definition have the respective meanings set forth in Annex I and are incorporated for all purposes of this DPA (such definitions to be equally applicable to both the singular and plural forms of the terms defined). Unless otherwise expressly defined herein, the capitalized terms used in this DPA have the meanings assigned to them in the Agreement.


NOW, THEREFORE, the Parties hereby agree as follows: 

  1. Role of the Parties.
    1. With regard to Customer Data, such as business contact information, customer lists or “seed file” customer lists provided by you to, is a Service Provider and Processor, and Customer is a Business and a Controller.
    2. With regard to Modelled Data, is a Business and a Controller, and you are also a Business and a Controller.
  2. Compliance with Laws.
    1. Each party will comply with its obligations under Data Protection Laws. Without limiting the foregoing, (i) You will have the right to take reasonable and appropriate steps to ensure that uses Customer Data in a manner consistent with your obligations under Data Protection Laws; and (ii) will notify you promptly (and in any event within five (5) business days), if determines that it can no longer meet its obligations under Data Protection Laws.
    2. You will inform of any Consumer request made pursuant to Data Protection Laws that must comply with, and provide the information necessary for to comply with the request.
  3. Obligations.
    1. will Process Customer Data for the purpose of providing the Services set forth in the Agreement.  Without limiting the foregoing, is prohibited from selling Customer Data or otherwise making Customer Data available to any third party for monetary or other valuable consideration; 
    2. will limit access to Customer Data to personnel who have a business need to have access to such Customer Data, and will ensure that such personnel are subject to obligations at least as protective of the Customer Data as the terms of this DPA. Notwithstanding the foregoing, nothing in this DPA shall restrict’s ability to disclose Customer Data (i) to a subcontractor for a business purpose pursuant to a written agreement to protect the confidentiality of Customer Data, (ii) to a third party as necessary to comply with applicable laws, or (iii) as otherwise permitted by the Data Protection Laws.
    3. agrees to reasonably cooperate with you, at your expense, to assist you with ensuring its compliance with Data Protection Laws, including to respond to requests for access, knowledge, deletion, or rectification. If and to the extent you instruct to delete Consumer Personal Information in response to a Consumer request received by you, agrees to delete or de-identify such information within thirty (30) days of receipt of the request. For the avoidance of doubt, shall have no obligation to delete information that has been de-identified or aggregated or information relating to your use of the Service that is not Customer Data.
    4. shall implement and maintain reasonable security procedures, practices, and controls, as may be appropriate based on the nature of the information, designed to protect Customer Data from unauthorized access or destruction, as further described in Section 5 below. 
  4. Customer Obligation
    1. Upon prior written approval (email accepted) Customer may grant to a non-exclusive, non-transferable, revocable, limited right to use the Customer name, trademarks, and logos (collectively, the “Customer Marks”) in accordance with any Customer trademark and logo use guidelines that Customer provides to Any public use by of the Customer Marks shall be subject to Customer’s prior consent, except that may use the Customer Marks to identify Customer as a customer of, including on the  corporate website. 
    2. Customer shall retain all right, title, and interest in and to Customer’s intellectual property rights in Customer Data. By importing or processing Customer Data, Customer grants to the right and license to reproduce, distribute, modify, and adapt Customer’s Data for the purpose of providing the Services to Customer, including the right to disclose Customer Data to’s subcontractors as necessary to provide the Services to Customer. Notwithstanding the foregoing, may use de-identified or aggregated Customer Data for product improvement, benchmarking, industry modelling, and system performance enhancements.
  1. Other Data Obligations.
    1. You acknowledge and affirm that you have provided all notices to Consumers required under Data Protection Laws in connection with the Services (if any) and obtained all consents from Consumers required under Data Protection Laws in connection with the Services (if any). 
    2. Neither party shall submit or cause to be submitted to the other party any data that includes (i) a social security number, passport number, driver’s license number, or similar identifier, credit card or debit card number, employment, financial or health information; (ii)  Personal Information relating to a resident of the European Economic Area or which may be subject to the General Data Protection Regulation (GDPR); (iii)  Personal Information relating to an individual under sixteen (16) years of age; (iv) Personal Information relating to any individual that has withdrawn consent or exercised a right to opt-out; or (v) any other information which may be subject to additional protections under applicable laws or regulations including, but not limited to, the Gramm-Leach-Bliley Act (GLBA) or the Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act (COPPA), or which could give rise to notification obligations under data breach notification laws, without’s prior written approval. 
    3. To the extent you incorporate third party data services into the Services, for example, to procure modeled lists or to append or supplement Customer Data with data from third party providers (“Third-Party Licensed Data”) pursuant to an agreement between you and such third-party provider:
      1. You are solely responsible for ensuring compliance with your obligations under such third-party agreements to which you are a party and with Data Protection Laws applicable to such activity in relation to your use of the Services. 
      2. By instructing to disclose Customer Data to such third-party provider for the purpose of generating Third-Party Licensed Data for or on behalf of you, you represent and warrant that you have all necessary rights and consents needed to support such instruction. 
      3. To the extent you provide Third-Party Licensed Data to, or instruct such third-party provider to deliver Third-Party Licensed Data to on your behalf, shall collect, use, retain and disclose such Third-Party Licensed Data in the same manner as shall use Customer Data pursuant to this DPA. 
    4. In certain circumstances, may provide you with Modelled Data, which could include Third-Party Licensed Data, generated in connection with the Service. You warrant and agree that you shall use and retain such data solely for marketing, internal analytics and attribution purposes (“Matchback Purposes”), and for no other purpose, commercial or otherwise. You shall have no right to share, disclose or sell Modelled Data to any third party without prior written approval from You warrant and agree that you shall erase or otherwise destroy any Modelled Data provided by within thirty (30) days from the completion of the Services for which such data was provided, unless otherwise permitted by the applicable data provider and/or, as applicable, in writing. You are solely responsible for ensuring that your receipt and use of any Third-Party Licensed Data is permitted by the applicable agreement between you and the relevant data provider.
    5. shall have the right to take reasonable and appropriate steps to ensure that you use the Modelled Data in a manner consistent with’s obligations under Data Protection Laws. In addition, shall have the right take reasonable and appropriate steps to stop and remediate unauthorized use of Modelled Data. 
    6. You shall notify no later than five (5) business days after you make a determination that you can no longer meet your obligations under Data Protection Laws.
  2. Data Security. will implement appropriate technical and organizational measures designed to safeguard Customer Data against unauthorized or unlawful Processing, and against accidental loss, destruction or damage. Notwithstanding the foregoing, you understand that it is impossible to protect against all data breaches. 
  3. Data Security Incidents. shall promptly notify you in the event of unauthorized access to, acquisition or disclosure of unencrypted Customer Data associated to you that is in’s or its subcontractors’ control or possession (a “Data Security Incident”). If, and to the extent, that a Data Security Incident requires notice to any regulator, Consumer or other third party under Data Protection Law, you shall have sole responsibility for the content, timing and method of distribution of any such notice, unless otherwise required by Data Protection Law. will provide reasonable cooperation with your investigation of the Data Security Incident.
  4. Data Retention and Deletion. shall retain Customer Data for only so long as necessary to perform its obligations under the Agreement, unless otherwise required under applicable laws or authorized by Customer for longer term retention.  Within forty-five (45) days of termination or expiration of the Agreement or earlier request by you, shall destroy or return to you (at your election) all Customer Data in its possession, custody and control, except to the extent such Customer Data as must be retained under applicable law (which shall destroy once it is no longer required under applicable law to retain).
  5. Data Maintenance and Backup Procedures.   The platform is not intended to be a failsafe data warehouse or data back-up solution. In the event of any loss or corruption of Customer Data, shall use its commercially reasonable efforts to restore the lost or corrupted Customer Data from the latest backup of such Customer Data maintained by; Customer acknowledges that full restoration of Customer Data may not be possible under all circumstances.
  1. Termination and Survival. This DPA and all provisions herein shall survive so long as, and to the extent that, Processes or retains Customer Data, or you Processes or retains Modelled Data.
  2. Conflicts. In case of contradictions between this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail. 
  3. Applicable Law and Jurisdiction. The applicable law and jurisdiction as set forth in the Agreement apply to this DPA.

Annex I


Business” or “Controller” shall mean an entity that determines the purposes and means of Processing of Personal Information.

Content”, “User Content”, “Customer Content” or equivalent term shall have the meaning assigned to it in the Agreement.

Consumer” shall mean the individual to whom Personal Information relates.

Customer Data” means the Personal Information related to Consumers that Processes on behalf of you as a Service Provider or Processor as set forth in Section 1 of this DPA. Customer Data may include, for example, Personal Information included in customer lists provided by you or by a third party on your behalf, in connection with the provision of Mailings or other Services pursuant to the Agreement.

Data Protection Laws” means any applicable local, state and federal laws, rules and regulations in the United States relating to the use, collection, retention, storage, security, disclosure, transfer, sale or other Processing or Personal Information, including, but not limited to, the California Consumer Privacy Act, including any amendments and any implementing regulations thereto (the “CCPA”), the California Privacy Rights Act of 2020 (“CPRA”), the Virginia Consumer Data Protection Act (the “VCDPA”), and any similar laws including any amendments and any implementing regulations thereto that are in effect or that become effective on or after the effective date of this DPA.

Personal Information” shall mean “personal data,” “personal information,” or equivalents as defined in applicable Data Protection Laws. In the absence of applicable Data Protection Laws, “Personal Information” shall mean any information relating, directly or indirectly, to an identified or reasonably identifiable natural person. 

Process” or “Processing” means any operation or set of operations performed, whether by manual or automated means, on information or on sets of information, such as the collection, use, storage, disclosure by transmission, dissemination or otherwise making available, alignment or combination, analysis, restriction, deletion, or modification of information.

Service Provider” or “Processor” shall mean an entity that Processes Personal Information on behalf of a Business or Controller.

Services” means the services to be provided by to you under the Agreement, as further specified in any applicable purchase order or statement of work.

Modelled Data” means the data generated, sourced, created or maintained by in connection with the Services, other than Customer Data and Content. Modelled Data may include Personal Information sourced from third party data providers.