Data processing agreement
GDPR Article 28 · Last updated May 1, 2026
This DPA forms part of our Terms of Service and applies when Linkziy processes personal data on your behalf as your data processor.
1. Scope
This DPA covers all personal data Linkziy processes on your behalf in connection with the service: contact records, message content, sequence data, and related metadata.
2. Roles
You are the data controller. Linkziy is the data processor. We process personal data only on your documented instructions, per Article 28 GDPR.
3. Subprocessors
The current list of subprocessors is at /security. We notify customers 30 days before any change and you have the right to object.
4. Security measures
Technical and organizational measures including: AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, SOC 2 Type II audited annually, annual third-party penetration testing.
5. Data subject rights
We assist you in fulfilling data-subject requests (access, rectification, erasure, portability, restriction, objection) at no extra cost.
6. Data breach notification
We notify you within 72 hours of becoming aware of any personal data breach affecting your data, with details on scope, impact, and remediation steps.
7. International transfers
Personal data is stored in EU regions by default. Any international transfer is governed by Standard Contractual Clauses (SCCs).
8. Termination
On termination, you can export all data via the dashboard. We delete remaining data within 90 days unless legally required to retain it.
9. Signing
To countersign this DPA for procurement purposes, email info@linkziy.com with your company name and signatory.