We protect your data like it's our own.
Effective date: January 1, 2025
If you are a controller under GDPR/UK-GDPR/DPDP, our DPA forms part of our agreement. Summary below; full signed DPA available on request.
Client = Data Controller. CleanupCRM = Data Processor.
Processing limited to audit, deduplication, standardization, validation, reporting.
Limited cloud infrastructure and tooling; list available on request; we'll notify of material changes.
Administrative, technical, and physical controls; encryption in transit; restricted access; audit logs on request.
We assist with access, rectification, deletion requests received by Client.
We notify Client without undue delay after becoming aware of a personal data breach.
Upon project end, return or delete data per Client instruction; default 30-day deletion.
Standard Contractual Clauses where applicable.