This Addendum applies when LeadRecoverly processes personal data on your behalf as a processor. It forms part of, and is governed by, the Terms of Service. Where you are a controller subject to the GDPR, UK GDPR, or similar laws, these terms describe how we handle that data.
For data in your connected HubSpot portal, you are the controller and LeadRecoverly is the processor. You determine the purposes and means of processing; we process that data only to provide the service and only on your documented instructions, which include your use of the product and these terms.
The subject matter is the data in your connected HubSpot portal. Processing lasts for as long as your account is active and ends on termination, after which deletion timelines in our Privacy Policy apply. The nature and purpose of processing is to read CRM records to compute findings and reports, and, where you grant write access and approve specific changes, to submit those single-record updates back to HubSpot.
We process personal data only on your instructions and as needed to provide the service, unless legally required to act otherwise, in which case we will inform you where permitted. We do not sell personal data, market to your contacts, or train public AI models on your CRM data.
Personnel authorized to process your data are bound by confidentiality obligations.
You authorize us to engage the sub-processors listed in our Privacy Policy (currently HubSpot, Stripe, Netlify, Supabase, and Resend). We impose data-protection terms on each and remain responsible for their performance. We will give notice of new sub-processors and a reasonable opportunity to object.
Taking into account the nature of processing, we will assist you with data-subject requests and with your obligations around security, breach notification, and impact assessments. If we receive a request directly from one of your data subjects, we will refer them to you where appropriate.
We will notify you without undue delay after becoming aware of a personal data breach affecting your data, and provide information reasonably available to help you meet your notification obligations.
On termination, we delete HubSpot-derived data and access tokens within the timelines in our Privacy Policy, except for limited records required by law. You may also trigger deletion earlier by disconnecting HubSpot and requesting account deletion.
Where data is transferred out of the EEA or UK, we rely on appropriate safeguards such as the applicable Standard Contractual Clauses, which are incorporated by reference where required.
On reasonable request and no more than once per year, we will make available information necessary to demonstrate compliance with this Addendum, subject to confidentiality and the security of other customers.