Version 1.0-2026-06-08 · hash 48305502e5b1c115…
GrowIQ — Data Processing Addendum (DPA)
Version 1.0-2026-06-08 · Effective 8 June 2026
This DPA forms part of the Terms of Service between the Customer and GhayaInc USA ("GrowIQ")
and applies to GrowIQ's processing of personal data within Customer Data.
1. Roles. With respect to personal data in Customer Data, the Customer is the
Controller (or processor acting for its own controllers) and GrowIQ is the
Processor (or sub-processor). GrowIQ processes such data only on the Customer's
documented instructions, including as set out in the Terms and this DPA.
2. Scope & Purpose. Subject matter: provision of the Service. Duration: the term
of the Terms. Nature/purpose: hosting, processing, and analyzing Customer Data to
provide the Service. Data subjects: the Customer's leads, contacts, and personnel.
Data types: business contact details and CRM/engagement data submitted by the
Customer.
3. Confidentiality. GrowIQ ensures persons authorized to process personal data are
bound by confidentiality obligations.
4. Security. GrowIQ implements appropriate technical and organizational measures
including encryption in transit, access control and least privilege, multi-tenant
isolation, secrets management, audit logging, and regular review, taking into
account the state of the art and the risks of processing.
5. Sub-processors. The Customer authorizes GrowIQ to engage sub-processors (e.g.
cloud infrastructure, email delivery, address validation) under written terms
imposing data-protection obligations equivalent to this DPA. GrowIQ remains liable
for its sub-processors and will inform the Customer of material changes on request.
6. Data-Subject Requests. GrowIQ will, taking into account the nature of the
processing, assist the Customer by appropriate measures to respond to requests to
exercise data-subject rights, and will redirect such requests received directly to
the Customer.
7. Personal-Data Breach. GrowIQ will notify the Customer without undue delay after
becoming aware of a personal-data breach affecting Customer Data, with information
reasonably available to assist the Customer's notification obligations.
8. International Transfers. Where GrowIQ transfers personal data across borders, it
will use a lawful transfer mechanism (e.g. Standard Contractual Clauses), which are
incorporated by reference where applicable.
9. Audit. GrowIQ will make available information necessary to demonstrate
compliance with this DPA and allow for and contribute to audits, including
inspections, conducted by the Customer or an auditor, subject to reasonable
confidentiality and frequency limits.
10. Return & Deletion. On termination of the Service, GrowIQ will, at the
Customer's choice, delete or return Customer Data (and delete existing copies)
within a reasonable period, except where retention is required by law.
11. Contact. GhayaInc USA, 15 Summer St, Unit 308, Franklin, MA 02038, USA · info@ghayainc.com