Legal
Last updated: July 9, 2026. GDPR Article 28 compliant DPA, including the EU Standard Contractual Clauses.
This Data Processing Addendum (“DPA”) forms part of the ALGO Terms of Service and applies to the extent that ALGO processes personal data on behalf of a customer in the role of a processor under the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) or the UK GDPR. Capitalized terms not defined here have the meaning given in the GDPR.
The Customer is the Controller. ALGO is the Processor. The parties acknowledge that ALGO may also process Personal Data as a Controller for its own purposes (e.g., account administration, security, billing) — those activities are governed by the ALGO Privacy Policy.
ALGO processes Customer Personal Data for the following purposes:
Customer Personal Data may include contact information (name, email, phone, employer, job title), engagement data (channel interactions, message content, call recordings/transcripts), and financial data necessary for invoicing. Data Subjects typically include the Customer's prospects, customers, employees, and contractors — as determined by the Customer.
ALGO processes Personal Data only on documented instructions from the Customer, including with regard to international transfers, unless required to do otherwise by EU or Member State law. ALGO will inform the Customer of any such legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
The Customer authorizes ALGO to engage the sub-processors listed below. ALGO will notify the Customer at least 30 days in advance of any new sub-processor. The Customer may object on reasonable grounds related to data protection; the parties will work in good faith to resolve any objection.
| Sub-processor | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing, fraud prevention, invoicing | United States |
| Vercel, Inc. | Hosting + edge network | United States / EU edge |
| Amazon Web Services | Database, object storage, compute | United States (us-east-1, us-west-2) |
| Postmark / ActiveCampaign | Transactional email | United States |
| Twilio, Inc. | SMS + voice (phone/dialer) | United States |
| Google LLC | Email (Gmail API) — optional user-connected | United States |
| OpenAI / Anthropic | AI inference (signal analysis, message generation) | United States |
ALGO implements appropriate technical and organizational measures, including:
ALGO will assist the Customer, by appropriate technical and organizational measures, in fulfilling its obligations to respond to Data Subject requests (access, rectification, erasure, restriction, portability, objection). To the extent the Customer cannot access the relevant Personal Data through the Service, ALGO will provide reasonable assistance.
For transfers from the EEA, UK, or Switzerland to a country not covered by an adequacy decision, the parties rely on the EU Standard Contractual Clauses (Module 2: Controller-to-Processor), which are incorporated by reference. The SCCs are deemed completed as follows:
For UK transfers, the parties additionally rely on the UK International Data Transfer Addendum issued by the UK ICO.
ALGO will make available to the Customer all information necessary to demonstrate compliance with this DPA, including the SOC 2 Type II report, by allowing the Customer to review it under NDA. Where the Customer requires an on-site audit, the parties will agree in advance on scope, timing, confidentiality, and reasonable costs.
ALGO will notify the Customer without undue delay — and in any event within 72 hours — after becoming aware of a Personal Data breach affecting Customer data. The notification will include the information required by GDPR Article 33(3) to the extent known.
Upon termination of the Service, ALGO will, at the Customer's choice, delete or return all Customer Personal Data within 90 days, and delete any existing copies, unless EU or Member State law requires storage.
Liability under this DPA is subject to the limitation of liability in the ALGO Terms of Service. The parties' total aggregate liability under or in connection with this DPA is capped at the same amount.
In the event of any conflict between this DPA and the SCCs, the SCCs prevail for matters relating to international transfers. In all other cases, this DPA prevails over the Terms of Service.
This DPA takes effect on the date the Customer accepts the ALGO Terms of Service and continues for as long as ALGO processes Personal Data on the Customer's behalf.
For DPA questions, requests to add or change sub-processors, or to exercise any rights under this DPA:
ALGO, Inc.
Attn: Data Protection Officer
Email: scaleaimarkets@gmail.com
Address: 1 Market Street, Suite 3600, San Francisco, CA 94105, USA