Legal
Data Processing Addendum.
This DPA forms part of the Terms of Service between you ("Controller") and salesascode ("Processor"). Last updated . For a countersigned copy, email admin@salesascode.com.
1. Roles and scope
For personal data you submit to or process through the Service, you act as the Controller and salesascode acts as the Processor (or, where applicable, sub-processor). This DPA applies to the extent the GDPR, UK GDPR, or a comparable data-protection law applies to that processing. Where terms conflict, this DPA governs for personal-data processing.
"The Service" here means salesascode.com and every product sold under it — gtmcron, salescron, leadercron, and secronjob (including purchases made via gtmcron.com, salescron.com, leadercron.com, or secronjob.com) and the Team on Cron bundle. All are operated by the same company on the same platform; this DPA covers processing arising from any of them.
2. Processing details
- Subject matter & duration. Processing lasts for the term of your account plus any retention described in the Privacy Policy.
- Nature & purpose. Hosting, storing, and processing your GTM data and telemetry to provide the Service (research, drafting, publishing where you enable it, rollups, and licensing).
- Categories of data subjects. Your team members and the prospects/contacts you choose to bring into the Service.
- Categories of personal data. Names, business contact details, role/company data, activity metadata, and any content you submit. Do not submit special-category data.
3. Our obligations as Processor
- Process personal data only on your documented instructions (the Terms, this DPA, and your use of the Service), unless required by law.
- Ensure personnel with access are bound by confidentiality.
- Implement appropriate technical and organizational security measures (see Trust & security): encryption of secrets at rest and in transit, scoped access, hashed API keys, audit logging, and least-data defaults.
- Assist you, taking into account the nature of processing, with data-subject requests and with your obligations under Articles 32–36 (security, breach notification, DPIAs).
- Notify you without undue delay after becoming aware of a personal-data breach affecting your data.
- At your choice, delete or return personal data at the end of the service, subject to legal retention. Export and erasure are available in-product.
- Make available information necessary to demonstrate compliance and allow for reasonable audits.
4. Sub-processors
You authorize salesascode to engage sub-processors to provide the Service. Current sub-processors include our cloud/database host (Neon), hosting/CDN (Vercel), transactional email (Resend), payments (Stripe), and the AI model provider (Anthropic). We will maintain a current list and give you reasonable notice of intended changes so you may object on reasonable data-protection grounds.
5. International transfers
Where personal data is transferred outside the EEA/UK, we rely on an appropriate transfer mechanism (for example, the EU Standard Contractual Clauses and the UK Addendum), which are incorporated by reference where required.
6. Your obligations as Controller
You are responsible for the lawfulness of the personal data you submit and your instructions, for having a valid legal basis and any required notices/consents, and for complying with anti-spam and marketing law for anything you send or publish through the Service.
7. Liability & changes
Each party's liability under this DPA is subject to the limitations in the Terms. We may update this DPA to reflect legal or operational changes; material changes will be notified as described in the Terms.