pinqiopinqio

Legal

Data Processing Addendum

Effective 2026-04-22

This Data Processing Addendum ("DPA") supplements our Terms of Service and governs the processing of personal data when you (the "Controller") use Pinqio (the "Processor") on a Teams plan. By subscribing to a Teams plan, you and Pinqio agree to this DPA.

1. Roles

  • You act as the Controller of personal data you process through Pinqio — your team's accounts, your LinkedIn contacts, the content of conversations you capture.
  • Pinqio acts as the Processor, processing personal data only on your documented instructions, which include your configuration of the Services.

2. Subject matter and duration

  • Subject matter: storing and rendering your LinkedIn DM pipeline; routing prompts to LLM providers you configure; sending transactional emails.
  • Duration: for the term of your subscription, plus the retention periods in our Privacy Policy.

3. Categories of data and data subjects

  • Team member data: name, email, role, session, IP address.
  • LinkedIn contact data: public profile fields you observe via the Chrome Extension — name, role, company, public URL, avatar.
  • Message content: messages you send and receive through LinkedIn that you capture in Pinqio.
  • AI prompt / response data: conversation context you submit to the configured LLM provider.

4. Pinqio's obligations

  • Process personal data only on your documented instructions.
  • Ensure staff with access to personal data are bound by confidentiality.
  • Implement technical and organizational security measures (TLS, AES-256 at-rest encryption of secrets, access control, append-only audit logging, 2FA for all admins).
  • Assist you in responding to data subject requests (access, correction, deletion, portability).
  • Notify you without undue delay (and in any case within 72 hours of becoming aware) of any personal data breach involving your data.
  • On termination, delete or return all personal data, subject to our retention schedule.

5. Sub-processors

You authorize Pinqio to engage the sub-processors named in our Privacy Policy under the "Sub-processors" section. We will notify you (via in-product announcement or email to your Owner admin) at least 30 days before adding or replacing a sub-processor, giving you the opportunity to object.

6. International transfers

Personal data is stored in the United States (Railway + our sub-processors). Where required, Pinqio and its sub-processors rely on the EU Standard Contractual Clauses and UK IDTA for transfers of EU/UK personal data. A copy of the executed SCCs is available on request to legal@pinqio.com.

7. Data subject rights

You may export or delete team and contact data at any time via the Pinqio admin panel or by emailing privacy@pinqio.com. We execute deletion requests within 30 days unless a longer retention is required by law.

8. Audits

Pinqio provides documentation of its security practices (in our Privacy Policy) and, upon reasonable notice, answers written questionnaires from Teams customers. Physical audits are not available given our cloud-native stack; Railway, Stripe, Resend, and Cloudflare publish their own SOC 2 reports on request.

9. Liability

Each party's liability under this DPA is subject to the limitation of liability in the Terms of Service.

10. Execution

By activating a Teams plan, you execute this DPA. For a counter-signed PDF, email legal@pinqio.com.