Data Processing Addendum
TLNTConnect Data Processing Addendum
Processor and service-provider terms incorporated into the TLNTConnect agreement where applicable.
Last updated July 14, 2026
1. Scope And Parties
This Data Processing Addendum ("DPA") forms part of the agreement between the customer ("Customer") and Tlnt Connect LLC, operating as TLNTConnect ("TLNTConnect"). It applies when TLNTConnect processes Personal Data in Customer Data for Customer as a processor, service provider, or contractor.
Capitalized terms not defined here have the meaning in the Terms. Personal Data includes personal information and personal data under applicable privacy laws. Customer is the controller/business and TLNTConnect is the processor/service provider except where each independently determines its own processing purposes.
2. Documented Instructions
TLNTConnect will process Personal Data only to provide, secure, support, and improve the contracted service; follow Customer's documented feature settings and instructions; and comply with law. The agreement, Customer's authorized use, support requests, and written directions are documented instructions.
TLNTConnect will notify Customer if an instruction appears to violate applicable data-protection law unless prohibited from doing so. Customer is responsible for lawful instructions, notices, consents, and a valid basis for collection and disclosure to TLNTConnect.
3. Confidentiality And Security
Personnel authorized to process Personal Data are bound by confidentiality. TLNTConnect will maintain technical and organizational measures appropriate to risk, including access controls, tenant scoping, authentication, encryption in transit, protected secret storage, logging, backup and recovery processes, vulnerability management, and incident response.
Customer remains responsible for account security, endpoint controls, role assignment, public-link configuration, data minimization, and secure use of exports and connected providers.
4. Subprocessors
Customer generally authorizes the subprocessors listed on TLNTConnect's Subprocessors page. TLNTConnect will impose data-protection obligations appropriate to the services each subprocessor performs and remains responsible for their processing to the extent required by law.
We will provide notice of a material new subprocessor through the service, email, or the published list when required. Customer may object on reasonable data-protection grounds within 30 days. The parties will work in good faith on a commercially reasonable solution; if none is available, either party may terminate only the affected service.
5. Individual Rights
Taking into account the nature of processing, TLNTConnect will reasonably assist Customer with verified requests for access, correction, deletion, portability, restriction, objection, or opt-out. If we receive a request concerning Customer Data, we may direct the individual to Customer and will not independently respond on Customer's behalf unless authorized or legally required.
6. Security Incidents
TLNTConnect will notify Customer without undue delay after confirming a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data. Notice will include available information reasonably needed for Customer's legal obligations and will be supplemented as the investigation develops.
Notification is not an admission of fault. Customer is responsible for its regulator and individual notifications unless law assigns that duty to TLNTConnect.
7. Assessments, Audits, And Compliance Assistance
TLNTConnect will provide information reasonably necessary to demonstrate compliance with applicable processor obligations, including relevant third-party audit reports or security documentation when available and subject to confidentiality. No more than annually, unless required after an incident or by a regulator, Customer may request a reasonable remote audit at its expense without disrupting operations or exposing other customers' data.
TLNTConnect will reasonably assist with data-protection impact assessments and regulator consultations related to the service, considering the nature of processing and information available.
8. Return, Deletion, And Legal Holds
At termination or Customer's documented request, TLNTConnect will return or delete Customer Personal Data consistent with service capabilities, the Privacy Policy, and the retention schedule, unless law requires retention. Data in backups will be isolated from ordinary use and expire through normal rotation. Legal holds, security evidence, and financial records may be retained only for the applicable purpose.
9. International Transfers
For restricted transfers from the EEA, the 2021 European Commission Standard Contractual Clauses (SCCs) are incorporated by reference using Module Two (controller to processor) or Module Three (processor to processor), as applicable. Clause 7 applies; Clause 9 uses Option 2 with 30 days' notice; the optional Clause 11 language does not apply; Clause 17 is governed by Irish law; and Clause 18 selects the courts of Ireland. Under Clause 13, the authority is the authority for the exporter's EEA establishment or, if the exporter is not established in the EEA and no other authority is mandated, the Irish Data Protection Commission.
For Annex I, the exporter is Customer at the contact details in its account or order form, and the importer is Tlnt Connect LLC, 611 South Dupont Highway, Dover, DE 19901, privacy@tlntconnect.com. The parties' roles, transfer activities, data subjects, data types, sensitive data, frequency, purpose, and retention are stated in this DPA and its Processing Details. The transfer occurs continuously or when Customer uses the relevant feature. The importer contact responsible for data protection is privacy@tlntconnect.com. Annex II is Section 3 and the technical and organizational measures described in the Security Measures below. Annex III is the Subprocessors page.
For UK restricted transfers, the then-current mandatory clauses of the UK International Data Transfer Addendum to the EU SCCs are incorporated. Table 1 uses the parties and contacts above; Table 2 selects the applicable Module Two or Three SCCs with the selections above; Table 3 uses the Annex information in this DPA; and Table 4 does not grant either party an additional termination right unless the mandatory Addendum requires it. For Switzerland, references are adapted to the Swiss Federal Act on Data Protection and the competent Swiss authority. A later valid transfer mechanism controls to the minimum extent necessary.
Security Measures
- Access and identity: authenticated accounts, role-based authorization, tenant scoping, least-privilege service access, protected administrative credentials, and periodic access review.
- Confidentiality and encryption: personnel confidentiality duties, TLS in transit, provider-managed encryption at rest where supported, secret-management controls, and restrictions on production-data access.
- Integrity and availability: validation and authorization checks, audit and provider-event logging, backups and recovery procedures, deployment review, dependency and vulnerability management, and incident response.
- Data lifecycle: documented retention targets, provider revocation and deletion paths, customer export and deletion support, backup expiration, and legal-hold controls.
- Assurance: security policy review, subprocessor diligence, change control, testing, monitoring, and reasonable audit information subject to confidentiality and protection of other customers.
10. U.S. State Service-Provider Terms
TLNTConnect will not sell or share Customer Personal Data, retain/use/disclose it outside the direct business relationship or permitted business purposes, or combine it with personal data from other sources except as allowed by applicable U.S. state privacy law. TLNTConnect will provide the same level of protection required of Customer, notify Customer if it can no longer comply, and allow reasonable steps to stop and remediate unauthorized use.
Annex: Processing Details
- Subject matter and duration: operation of TLNTConnect for the subscription and limited deletion, backup, legal, security, and audit periods afterward.
- Nature and purpose: hosting, organizing, securing, searching, enriching, communicating, collaborating, reporting, provider synchronization, AI assistance, support, and customer-directed billing/accounting operations.
- Data subjects: Customer personnel, agency staff, creators (including authorized minor-creator records), brand contacts, collaborators, payees, public-link visitors, and other people represented in Customer Data.
- Data types: identifiers, contact and professional details, public social profiles, audience aggregates, campaign and deliverable records, communications, files, shipping information, financial/accounting metadata, provider identifiers, technical logs, prompts and outputs, and other Customer-selected content.
- Sensitive data: not intentionally required except authentication/security data, financial identifiers handled by connected providers, and any sensitive data Customer chooses to submit under lawful instructions. Customer must minimize such data.
- Frequency: continuous or Customer-initiated during use of the relevant feature.
Contact And Order Of Precedence
Privacy and DPA notices may be sent to privacy@tlntconnect.com and 611 South Dupont Highway, Dover, DE 19901. If this DPA conflicts with the Terms on Personal Data processing, this DPA controls. The liability provisions of the Terms apply to this DPA unless a signed agreement states otherwise.
