Data Processing Addendum.

You (the customer) are the data controller for the personal data you process through Findby. Findby is the data processor acting on your documented instructions. For public business records sourced through discovery, Findby acts as an independent controller until the record enters your active pipeline, at which point you become the controller for the purposes of outreach.

Findby processes personal data solely to provide the contracted services: lead discovery, demo-site generation, outbound email drafting, and deliverability operations. No personal data is processed for marketing, profiling, or any purpose outside that scope.

A current list of subprocessors is maintained at hi@findby.io and provided on request. Findby will give at least thirty days’ advance notice before adding or replacing a subprocessor, during which you may object on reasonable data-protection grounds.

Personal data may be transferred between the United States, the United Kingdom, and the European Economic Area. Transfers out of the EEA or UK rely on the EU and UK Standard Contractual Clauses, incorporated into this addendum by reference.

Findby maintains technical and organisational measures appropriate to the risk — including encryption in transit and at rest, access controls scoped to the principle of least privilege, audit logging on all administrative actions, and incident response procedures with seventy-two-hour notification to affected controllers.

If a data subject contacts Findby directly about data we process on your behalf, we forward the request to you within five business days and assist with the response where reasonably practicable.

On termination of the underlying agreement, Findby returns or deletes the personal data processed on your behalf within thirty days, with backup expiration at a maximum of ninety days, except where retention is required by law.

Findby provides documentation of its security and processing practices on reasonable request. Independent third-party audit rights are available to enterprise customers on a per-engagement basis under reasonable confidentiality terms.

To execute a signed copy or to request an updated subprocessor list, write to hi@findby.io.