Data Processing Agreement

Last updated: 18 April 2026

1. Parties and Scope

Data Controller: You, the Customer, who determines the purposes and means of processing personal data in the context of your use of MarketAgencyAI.

Data Processor: MarketAgencyAI LLC, which processes personal data on your behalf according to your instructions.

Scope: This Data Processing Agreement (DPA) applies to any personal data you submit to MarketAgencyAI, including customer contact information, business descriptions, and data processed during marketing automation setup via GoHighLevel.

This DPA is incorporated into and forms part of the Terms of Service between you and MarketAgencyAI.

2. Processing Details

Subject Matter: Processing of personal data submitted by the Customer for the purpose of generating marketing assets and configuring marketing automation workflows.

Duration: For the length of the Service agreement plus 90 days after termination.

Nature of Processing: Collection, storage, analysis, transformation, transfer to sub-processors.

Type of Personal Data: Names, email addresses, phone numbers, company information, customer contact records, marketing preferences.

Categories of Data Subjects: Your business contacts, employees, and customers whose data you provide to us.

3. Sub-Processors

MarketAgencyAI uses the following sub-processors to deliver the Service. Each sub-processor has executed a data processing addendum or is subject to appropriate safeguards:

  • Azure OpenAI (Microsoft): LLM inference for content generation. Data Location: US.
  • HeyGen: Video generation and hosting. Data Location: US.
  • Cloudflare: Platform hosting, edge computing, and DDoS protection. Data Location: US/Global.
  • GoHighLevel: Marketing automation, CRM, and customer data platform. Data Location: US.

You will be notified of any changes to the sub-processor list at least 30 days in advance via email. You have the right to object to any new sub-processor on reasonable grounds relating to data protection. If you object, you may terminate the Service without penalty.

To request a current list of sub-processors or to obtain their data processing addendums, contact dpa@marketagencyai.com.

4. Processor Obligations

MarketAgencyAI, as Data Processor, commits to:

  • Confidentiality: Process personal data only on documented instructions from you and restrict access to authorized personnel under confidentiality obligations.
  • Security: Implement and maintain appropriate technical and organizational security measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
  • Sub-processor Management: Ensure all sub-processors are bound by written contracts imposing the same data protection obligations as this DPA.
  • Data Subject Requests: Provide reasonable assistance to you in responding to data subject access requests, deletion requests, correction requests, and other rights under GDPR and CCPA, including providing personal data in a portable format.
  • Security Breach Notification: Notify you without undue delay, and in no case later than 72 hours, of any confirmed or suspected data breach involving personal data.
  • Audit Rights: Upon your reasonable request, provide evidence of compliance with this DPA and permit audits or inspections by you or your nominated auditor.
  • Data Deletion: Delete or return all personal data at your request or upon termination of the Service, unless retention is required by law.

5. Data Subject Rights

You are responsible for implementing mechanisms to ensure that data subjects can exercise their rights under GDPR, CCPA, and other applicable privacy laws. MarketAgencyAI will provide reasonable assistance, including:

  • Access to personal data in your account
  • Correction or update of personal data
  • Deletion of personal data (right to be forgotten)
  • Data portability in machine-readable format
  • Restriction of processing
  • Objection to processing

Data subjects should submit requests to you, as the Data Controller. You may forward those requests to dpa@marketagencyai.com for processing assistance.

6. International Data Transfers

MarketAgencyAI processes and stores data in the United States. If you are a European data controller or if personal data originates from the EU, we rely on the following transfer mechanisms:

  • Standard Contractual Clauses (SCCs): We have incorporated SCCs by reference in our agreements with sub-processors to enable lawful data transfers under GDPR Article 46.
  • Your Consent: By agreeing to this DPA, you consent to the transfer of EU personal data to the US under applicable GDPR mechanisms.

You acknowledge that data transferred to the US may be subject to access by US government authorities under applicable laws (e.g., FISA, USA PATRIOT Act). We will notify you of any such requests to the extent permitted by law.

7. Audit and Compliance

You have the right to:

  • Request evidence of MarketAgencyAI's compliance with this DPA
  • Conduct annual audits of MarketAgencyAI's data processing practices with 30 days' notice
  • Engage an independent auditor or assessor to verify compliance

We will provide reasonable access to our systems, personnel, and records during normal business hours. Requests must be reasonable in scope and frequency. We may withhold confidential business information or details that compromise security.

8. Data Deletion on Termination

Upon termination or expiration of the Service:

  • MarketAgencyAI will delete or return all personal data within 90 days, at your option
  • Backup copies are deleted within 180 days
  • Data may be retained longer if legally required (tax records, accounting, fraud prevention, legal holds)
  • We will provide written certification of deletion upon request

9. Limitation of Liability

Except as prohibited by law, neither party limits its liability for data protection violations. This DPA does not limit remedies available under GDPR, CCPA, or other applicable privacy laws.

For data protection claims, the limitation of liability clause in the Terms of Service does not apply to violations of this DPA.

10. Governing Law and Disputes

This DPA is governed by the laws of the State of Delaware, USA, and the European Union's General Data Protection Regulation (GDPR) where applicable.

In the event of a dispute, you may file a complaint with your local data protection authority or pursue remedies under applicable privacy laws.

Contact

For questions regarding this Data Processing Agreement, contact:

dpa@marketagencyai.com

MarketAgencyAI LLC
Delaware, USA