Legal

Data Processing Agreement

Last updated: June 6, 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you (the "Customer" and data controller) and Impacting Global Ventures LLC (the "Processor"). It governs how we process personal data on your behalf when you use IGVentures. If your customer's counsel requires a countersigned copy, email legal@impactingglobalventures.com.

1. Roles

You are the controller of the personal data you submit to or collect through the Service (the “Customer Data”). We act as your processor and process Customer Data only to provide the Service and only on your documented instructions, which include these Terms and your use of the platform.

2. Scope of processing

  • Subject matter: providing the IGVentures lead conversion and communication service.
  • Duration: for the term of your agreement, plus the retention periods in our Privacy Policy.
  • Nature and purpose: storing, transmitting, and processing lead and communication data to send messages, schedule meetings, generate drafts and notes, and manage consent.
  • Categories of data subjects: your leads, customers, and contacts.
  • Categories of personal data: contact details, communication content and metadata, consent records, and any data you choose to collect.

3. Our obligations

  • Process Customer Data only on your instructions and as needed to provide the Service.
  • Keep Customer Data confidential and require personnel with access to be bound by confidentiality obligations.
  • Implement appropriate technical and organizational security measures, including encryption in transit and at rest, per tenant isolation, access controls, and audit logging.
  • Assist you, as reasonable, with data subject requests, security, breach notification, and any required impact assessments.
  • On termination, delete or return Customer Data within thirty (30) days, subject to legal retention requirements.

4. Subprocessors

You authorize us to engage the subprocessors listed on our Subprocessors page. We impose data protection obligations on each subprocessor that are no less protective than this DPA, and we remain responsible for their performance. We will give at least thirty (30) days notice before adding a new subprocessor that handles Customer Data so you may object.

5. Data subject requests and security incidents

We will promptly inform you of any request we receive directly from a data subject relating to your Customer Data, and we will not respond except on your instruction or as legally required. If we become aware of a personal data breach affecting Customer Data, we will notify you without undue delay and provide the information you need to meet your own notification obligations.

6. International transfers

We currently store and process Customer Data in the United States. If we later transfer data across borders in a way that requires a recognized transfer mechanism, we will put an appropriate mechanism in place.

7. Audits

On reasonable written request, and no more than once per year unless required by a regulator, we will make available the information needed to demonstrate compliance with this DPA, including relevant security documentation and, where available, third party reports.

8. Order of precedence

This DPA is incorporated into the Terms of Service. If there is a conflict between this DPA and the Terms regarding the processing of personal data, this DPA controls. To request a countersigned copy, email legal@impactingglobalventures.com.