Last updated: June 1, 2026

Data Processing Agreement

This DPA forms part of the agreement between your organization (the Data Controller) and BuyerPass (the Data Processor) and governs the processing of personal data carried out when you deploy our pixel and intent tools.

1. Roles of the Parties

For data you collect from visitors to your own properties, your organization acts as the Data Controller and determines the purposes and means of processing. BuyerPass acts as the Data Processor, processing personal data only on your documented instructions and to provide the contracted services.

2. Scope & Subject Matter of Processing

  • Subject matter: identity resolution of website visitors and provisioning of intent signals and incentive fulfillment.
  • Duration: for the term of your active subscription plus any legally required retention period.
  • Nature & purpose: de-anonymization, scoring, and delivery of marketing intelligence to the Controller.
  • Categories of data subjects: visitors to the Controller's digital properties and target prospects.

3. Processor Obligations

  • Process personal data only on the Controller's documented instructions.
  • Ensure personnel authorized to process data are bound by confidentiality.
  • Implement appropriate technical and organizational security measures as described in our Security overview.
  • Assist the Controller in responding to data subject rights requests and regulatory inquiries.
  • Delete or return personal data at the end of the engagement, subject to legal retention requirements.

4. Sub-Processors

The Controller authorizes BuyerPass to engage vetted sub-processors (for hosting, identity matching, and reward fulfillment). We maintain a current list of sub-processors and impose data protection obligations on each that are no less protective than those in this DPA.

5. International Transfers

Where personal data is transferred across borders, we rely on appropriate safeguards such as Standard Contractual Clauses to ensure an adequate level of protection.

6. Security & Breach Notification

BuyerPass maintains the safeguards described in our Security overview and will notify the Controller without undue delay after becoming aware of a personal data breach affecting the Controller's data.

7. Requesting a Signed Copy

Enterprise customers requiring a countersigned DPA can request one from legal@buyerpass.com.

This document is provided as a starting template and does not constitute legal advice. Have it reviewed by qualified counsel before relying on it in production.