Data Processing Addendum

1. Roles of the Parties

Customer is the data controller with respect to any Personal Data uploaded to or processed through the Services ("Customer Data"). Clean Leads 365 acts solely as a service provider and data processor on behalf of Customer.

2. Scope and Purpose of Processing

Processor shall process Customer Data solely for the purpose of providing the Services described in the Terms of Service and in accordance with Customer's documented instructions.

3. Customer Obligations

Customer represents and warrants that:

• (a)it has all necessary rights, permissions, and legal bases to provide Customer Data for processing;
• (b)it is solely responsible for compliance with applicable privacy, marketing, and communications laws, including the TCPA and CAN-SPAM Act;
• (c)Customer Data does not include sensitive personal information unless expressly permitted in writing.

4. Processor Obligations

Processor shall:

• (a)implement reasonable technical and organizational measures to protect Customer Data;
• (b)not sell or disclose Customer Data except as permitted under the Terms of Service;
• (c)ensure personnel with access to Customer Data are subject to confidentiality obligations.

5. Subprocessors

Customer authorizes Processor to engage subprocessors for hosting, analytics, and service delivery. Processor shall remain responsible for subprocessors' compliance with this DPA.

6. Data Subject Requests

Processor shall reasonably assist Customer in responding to verified data subject requests where required by law, to the extent applicable to Customer Data.

7. Data Retention and Deletion

Upon termination of the Services, Processor shall delete or anonymize Customer Data in accordance with the Terms of Service, unless retention is required by law.

8. Liability

Processor's liability under this DPA is subject to the limitations of liability set forth in the Terms of Service.

9. Governing Law

This DPA is governed by the laws specified in the Terms of Service.