Legal

Data Processing Addendum

Effective date: July 8, 2026 · Last updated: July 8, 2026

Draft pending final legal review — not yet in force.

This Data Processing Addendum ("DPA") forms part of the Terms of Service between Danesure Inc. (operating as Dane Suite) and the Customer. It governs how we process personal information contained in Customer Data on your behalf.

On this page
  1. Definitions
  2. Roles & scope
  3. Service-provider certification
  4. Processing instructions
  5. Personnel confidentiality
  6. Security
  7. Subprocessors
  8. Consumer requests
  9. Breach notification
  10. Return & deletion
  11. Audits
  12. International transfers
  13. General

1.Definitions

Terms not defined here have the meaning in the Terms or applicable data-protection law ("Data Protection Laws"), including the California Consumer Privacy Act as amended by the CPRA ("CCPA"). "Customer Data" means data you submit to or generate in the service. "Personal Information" means information in Customer Data that identifies or relates to an individual. "Business"/"Controller" and "Service Provider"/"Processor" have the meanings in Data Protection Laws. "Subprocessor" means a third party we engage to process Personal Information.

2.Roles & scope

For Personal Information in Customer Data, you are the Business/Controller and we are your Service Provider/Processor. You determine the purposes and means of processing; we process only on your behalf to provide the service. This DPA applies to our processing of Personal Information in Customer Data and does not change how we handle information for which we are the Business/Controller (see our Privacy Policy).

3.Service-provider certification (the never-compete commitment)

We certify that, with respect to Personal Information you disclose to us, we will:

  • (a) process it only to provide the service to you under the Terms, and for no other purpose;
  • (b) not sell or share it, as those terms are defined by the CCPA;
  • (c) not retain, use, or disclose it for any purpose other than the business purpose of providing the service, including not retaining, using, or disclosing it for a commercial purpose other than providing the service;
  • (d) not use it for our own purposes — including the DANESURE insurance brokerage operated by Danesure Inc. or any other line of business — and not combine it with personal information we receive from, or on behalf of, other sources, except as permitted by the CCPA to perform a business purpose;
  • (e) comply with applicable obligations under the CCPA and provide the same level of privacy protection as required of a business; and
  • (f) notify you if we determine we can no longer meet these obligations.
In plain English

The prospects and clients you manage in Dane Suite are yours. We will not access, receive, or solicit them for the DANESURE brokerage or any competing purpose, and we will not repurpose your data to build competing products or lists. This is a binding commitment, not just a promise on our Trust page.

4.Processing instructions

We process Personal Information according to your documented instructions, which include the Terms, this DPA, and your use and configuration of the service (for example, who you choose to contact and which integrations you connect). We will notify you if, in our reasonable opinion, an instruction violates Data Protection Laws. Annex A describes the nature, purpose, duration, categories of data, and categories of individuals involved.

5.Personnel confidentiality

We limit access to Personal Information to personnel who need it to provide the service and who are bound by confidentiality obligations.

6.Security

We maintain appropriate technical and organizational measures to protect Personal Information, described in Annex B. We designed them for a regulated context and align them with the expectations of the GLBA Safeguards Rule and applicable NAIC data-security standards. You are responsible for your own configuration choices, credentials, and the security of systems you connect.

7.Subprocessors

You authorize us to engage the Subprocessors listed at /legal/subprocessors to process Personal Information to provide the service. We impose data-protection obligations on Subprocessors no less protective than this DPA and remain responsible for their performance. We will provide a mechanism to receive notice of new Subprocessors and a reasonable opportunity to object on legitimate data-protection grounds.

8.Consumer / data-subject requests

The service provides features that let you access, correct, export, and delete Personal Information in your account. Taking into account the nature of the processing, we will assist you, by appropriate measures, in responding to verifiable requests from individuals to exercise their rights. If we receive such a request directly, we will, where permitted, direct the individual to you.

9.Personal data breach notification

We will notify you without undue delay after becoming aware of a confirmed breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of Personal Information we process for you, and will provide information reasonably available to help you meet your notification obligations.

10.Return & deletion

On termination and on your request, we will delete or return Personal Information in Customer Data, and delete existing copies, except to the extent retention is required by law.

Regulated-records carve-out

Because you and we may be subject to insurance recordkeeping and errors-&-omissions retention requirements, certain communications and transaction records may be retained for the legally required period. Retained records remain protected under this DPA and are not used for any other purpose. We'll identify what's retained on request.

11.Audits

On reasonable written request, and no more than once per year (unless required by a regulator or following a breach), we will provide information reasonably necessary to demonstrate compliance with this DPA, subject to confidentiality. Where an on-site audit is required by law, the parties will agree on reasonable scope, timing, and cost in advance.

12.International transfers

We process Personal Information in the United States. If you are located outside the U.S. and Data Protection Laws require additional transfer safeguards, the parties will implement an appropriate mechanism (such as standard contractual clauses) as needed.

13.General

If there is a conflict between this DPA and the Terms regarding processing of Personal Information, this DPA controls. Except as modified here, the Terms remain in full force. Our liability under this DPA is subject to the limitations in the Terms.

Annex A — Details of processing

ItemDescription
Subject matterProvision of the Dane Suite platform.
DurationThe term of your subscription, plus any legally required retention.
Nature & purposeHosting, storing, transmitting, and processing Customer Data to provide outreach, CRM, scheduling, AI-assisted drafting, and related features you configure.
Categories of individualsYour prospects, leads, clients, referral partners, and your own team members.
Categories of dataContact details (name, business, email, phone, address), communications content, notes, pipeline/appointment data, and metadata you enter or generate.

Annex B — Security measures

  • Encryption in transit — TLS for data moving to and from the service.
  • Encryption at rest — sensitive credentials (e.g., connected-mailbox and API tokens) encrypted with AES-256-GCM in a per-tenant vault; database storage encrypted at rest by our infrastructure provider.
  • Tenant isolation — logical separation of each customer's workspace with row-level security; a signed-in user only accesses their own workspace.
  • Access control — least-privilege access, split credential planes, and administrative access limited to authorized personnel.
  • Integrity & retention — immutable communications/activity records appropriate to a regulated business; archive-not-delete controls.
  • Vendor management — Subprocessors bound by protective terms; published list maintained.