Last updated: April 2, 2026
This Privacy Addendum supplements the Inzata Privacy Policy and constitutes a Data Processing Agreement (DPA) as required by applicable data protection laws including GDPR, CCPA, and other regional regulations.
For the purposes of data protection laws, the customer is the Data Controller and Inzata acts as the Data Processor. Inzata processes personal data only on documented instructions from the customer.
Inzata may engage sub-processors to assist in providing the services. A current list of sub-processors is available upon request. Customers will be notified of changes to sub-processors with 30 days' advance notice.
Inzata will assist customers in responding to data subject requests including access, rectification, erasure, portability, and restriction of processing, to the extent required by applicable law.
Where personal data is transferred outside the European Economic Area, Inzata ensures adequate safeguards through Standard Contractual Clauses (SCCs) or other approved transfer mechanisms.
Upon termination of the service agreement, Inzata will delete or return all customer personal data within 90 days, unless retention is required by applicable law.
Inzata implements appropriate technical and organizational measures to protect personal data, as described in our Security Policies. These measures are regularly reviewed and updated.
In the event of a personal data breach, Inzata will notify the customer without undue delay and no later than 72 hours after becoming aware of the breach.