eKnoxx Legal Center
LoginSign Up

Data Processing Addendum (DPA)

Effective Date: February 19, 2026

This Data Processing Addendum ("DPA") forms part of the Terms of Service between:

Zofia Ventures, LLC

30 N Gould St. STE R

Sheridan, Wyoming 82801

United States

("Company," "Processor")

and

The Customer using eKnoxx services ("Customer," "Controller").

1. Purpose

This DPA governs the processing of Personal Data subject to the General Data Protection Regulation (EU) 2016/679 ("GDPR") and similar data protection laws.

By using eKnoxx, Customer appoints Company as a data processor for Personal Data processed on Customer's behalf.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on Personal Data.
  • Controller: The entity determining purposes and means of processing.
  • Processor: The entity processing Personal Data on behalf of Controller.
  • Data Subject: Identified or identifiable individual.
  • Supervisory Authority: Data protection authority under GDPR.

3. Roles of the Parties

3.1 Controller

Customer is the Controller of all Personal Data uploaded to or processed within eKnoxx.

Customer determines:

  • The purpose of email campaigns
  • The legal basis for processing
  • The data uploaded
  • The recipients contacted

3.2 Processor

Company acts solely as a Processor of Customer-uploaded Personal Data.

Company also independently acts as a Controller for:

  • Account registration data
  • Billing data
  • Platform analytics
  • Identity Graph data generated independently

4. Nature and Purpose of Processing

Company processes Personal Data to:

  • Store email lists
  • Send email campaigns
  • Track opens and clicks
  • Provide Smart Inbox features
  • Maintain suppression lists
  • Provide enrichment and identity graph services
  • Provide email hygiene services

Processing may include:

  • Collection
  • Storage
  • Structuring
  • Transmission
  • Deletion

5. Types of Personal Data

Depending on Customer usage, data may include:

  • Name
  • Email address
  • Job title
  • Company name
  • Phone number
  • IP address
  • Behavioral engagement data
  • Publicly available profile data
  • Enriched contact data

Sensitive personal data should not be uploaded.

6. Customer Obligations

Customer represents and warrants that:

  • It has a lawful basis for processing Personal Data.
  • It complies with GDPR, CAN-SPAM, CASL, and all applicable laws.
  • It provides required notices to Data Subjects.
  • It honors unsubscribe and erasure requests.
  • It does not upload unlawfully obtained data.

Company is not responsible for Customer's compliance failures.

7. Processor Obligations

Company shall:

  • Process data only on documented instructions of Customer.
  • Implement commercially reasonable security measures.
  • Ensure personnel are bound by confidentiality.
  • Assist Customer with Data Subject requests (where technically feasible).
  • Notify Customer of confirmed data breaches without undue delay.

8. Security Measures

Company maintains reasonable administrative, technical, and physical safeguards appropriate to the risk.

However, Customer acknowledges:

  • No internet-based service is 100% secure.
  • Company does not guarantee absolute security.

9. Subprocessors

As of the Effective Date, Company does not engage subprocessors for Customer-uploaded data processing.

Company reserves the right to appoint subprocessors in the future, provided appropriate data protection obligations are imposed.

Payment processors (for example, Stripe) act as independent controllers for billing data.

10. International Data Transfers

Company operates from the United States. By using eKnoxx, Customer acknowledges that Personal Data may be transferred to and processed in the United States and other jurisdictions.

Where required, transfers rely on:

  • Standard Contractual Clauses (SCCs)
  • Lawful transfer mechanisms recognized under GDPR

11. Data Subject Rights

Taking into account the nature of processing, Company shall assist Customer in responding to:

  • Access requests
  • Rectification
  • Erasure
  • Restriction
  • Portability

Customer remains solely responsible for responding to Supervisory Authorities.

12. Data Breach Notification

In the event of a confirmed breach affecting Customer Personal Data, Company will notify Customer without undue delay after becoming aware.

Notification will include available details necessary for compliance.

13. Data Retention & Deletion

Upon account termination:

  • Customer data will be deleted in accordance with platform retention policies.

Company may retain data necessary for:

  • Legal compliance
  • Fraud prevention
  • Dispute defense
  • Abuse monitoring

14. Identity Graph & Enrichment Data

Customer acknowledges:

  • Enriched data may originate from licensed third-party and public sources.
  • Accuracy is not guaranteed.
  • Company is not responsible for Customer's legal basis for using enrichment data.

Identity Graph data is provided "AS IS."

15. Audits

Company is not obligated to permit on-site audits.

Reasonable documentation regarding security measures may be provided upon written request.

16. Liability

Liability under this DPA is subject to the limitations set forth in the Terms of Service.

In no event shall Company's total liability exceed the amount paid by Customer in the 12 months preceding the claim.

17. Governing Law

This DPA shall be governed by the laws of the State of Wyoming, except where GDPR mandates otherwise.

Disputes are subject to arbitration as stated in the Terms of Service.

18. Entire Agreement

This DPA forms part of and is incorporated into the Terms of Service.

In the event of conflict, this DPA controls solely with respect to GDPR obligations.