Legal

Data processing agreement

GDPR Article 28 · Last updated May 1, 2026

This DPA forms part of our Terms of Service and applies when Linkziy processes personal data on your behalf as your data processor.

1. Scope

This DPA covers all personal data Linkziy processes on your behalf in connection with the service: contact records, message content, sequence data, and related metadata.

2. Roles

You are the data controller. Linkziy is the data processor. We process personal data only on your documented instructions, per Article 28 GDPR.

3. Subprocessors

The current list of subprocessors is at /security. We notify customers 30 days before any change and you have the right to object.

4. Security measures

Technical and organizational measures including: AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, SOC 2 Type II audited annually, annual third-party penetration testing.

5. Data subject rights

We assist you in fulfilling data-subject requests (access, rectification, erasure, portability, restriction, objection) at no extra cost.

6. Data breach notification

We notify you within 72 hours of becoming aware of any personal data breach affecting your data, with details on scope, impact, and remediation steps.

7. International transfers

Personal data is stored in EU regions by default. Any international transfer is governed by Standard Contractual Clauses (SCCs).

8. Termination

On termination, you can export all data via the dashboard. We delete remaining data within 90 days unless legally required to retain it.

9. Signing

To countersign this DPA for procurement purposes, email info@linkziy.com with your company name and signatory.

Free for 14 days No credit card needed
Start free