This Data Processing Addendum ("DPA") forms part of the Terms of Service between Danesure Inc. (operating as Dane Suite) and the Customer. It governs how we process personal information contained in Customer Data on your behalf.
Terms not defined here have the meaning in the Terms or applicable data-protection law ("Data Protection Laws"), including the California Consumer Privacy Act as amended by the CPRA ("CCPA"). "Customer Data" means data you submit to or generate in the service. "Personal Information" means information in Customer Data that identifies or relates to an individual. "Business"/"Controller" and "Service Provider"/"Processor" have the meanings in Data Protection Laws. "Subprocessor" means a third party we engage to process Personal Information.
For Personal Information in Customer Data, you are the Business/Controller and we are your Service Provider/Processor. You determine the purposes and means of processing; we process only on your behalf to provide the service. This DPA applies to our processing of Personal Information in Customer Data and does not change how we handle information for which we are the Business/Controller (see our Privacy Policy).
We certify that, with respect to Personal Information you disclose to us, we will:
The prospects and clients you manage in Dane Suite are yours. We will not access, receive, or solicit them for the DANESURE brokerage or any competing purpose, and we will not repurpose your data to build competing products or lists. This is a binding commitment, not just a promise on our Trust page.
We process Personal Information according to your documented instructions, which include the Terms, this DPA, and your use and configuration of the service (for example, who you choose to contact and which integrations you connect). We will notify you if, in our reasonable opinion, an instruction violates Data Protection Laws. Annex A describes the nature, purpose, duration, categories of data, and categories of individuals involved.
We limit access to Personal Information to personnel who need it to provide the service and who are bound by confidentiality obligations.
We maintain appropriate technical and organizational measures to protect Personal Information, described in Annex B. We designed them for a regulated context and align them with the expectations of the GLBA Safeguards Rule and applicable NAIC data-security standards. You are responsible for your own configuration choices, credentials, and the security of systems you connect.
You authorize us to engage the Subprocessors listed at /legal/subprocessors to process Personal Information to provide the service. We impose data-protection obligations on Subprocessors no less protective than this DPA and remain responsible for their performance. We will provide a mechanism to receive notice of new Subprocessors and a reasonable opportunity to object on legitimate data-protection grounds.
The service provides features that let you access, correct, export, and delete Personal Information in your account. Taking into account the nature of the processing, we will assist you, by appropriate measures, in responding to verifiable requests from individuals to exercise their rights. If we receive such a request directly, we will, where permitted, direct the individual to you.
We will notify you without undue delay after becoming aware of a confirmed breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of Personal Information we process for you, and will provide information reasonably available to help you meet your notification obligations.
On termination and on your request, we will delete or return Personal Information in Customer Data, and delete existing copies, except to the extent retention is required by law.
Because you and we may be subject to insurance recordkeeping and errors-&-omissions retention requirements, certain communications and transaction records may be retained for the legally required period. Retained records remain protected under this DPA and are not used for any other purpose. We'll identify what's retained on request.
On reasonable written request, and no more than once per year (unless required by a regulator or following a breach), we will provide information reasonably necessary to demonstrate compliance with this DPA, subject to confidentiality. Where an on-site audit is required by law, the parties will agree on reasonable scope, timing, and cost in advance.
We process Personal Information in the United States. If you are located outside the U.S. and Data Protection Laws require additional transfer safeguards, the parties will implement an appropriate mechanism (such as standard contractual clauses) as needed.
If there is a conflict between this DPA and the Terms regarding processing of Personal Information, this DPA controls. Except as modified here, the Terms remain in full force. Our liability under this DPA is subject to the limitations in the Terms.
| Item | Description |
|---|---|
| Subject matter | Provision of the Dane Suite platform. |
| Duration | The term of your subscription, plus any legally required retention. |
| Nature & purpose | Hosting, storing, transmitting, and processing Customer Data to provide outreach, CRM, scheduling, AI-assisted drafting, and related features you configure. |
| Categories of individuals | Your prospects, leads, clients, referral partners, and your own team members. |
| Categories of data | Contact details (name, business, email, phone, address), communications content, notes, pipeline/appointment data, and metadata you enter or generate. |