Data Processing Addendum.

This Data Processing Addendum ("DPA") forms part of the Agreement between MagicFunnel, Inc. and Customer for the provision of the Service. It reflects the parties' agreement on the processing of Personal Data in accordance with applicable Data Protection Laws, including the GDPR and UK GDPR.

1. Roles of the parties

The parties acknowledge that with regard to the processing of Personal Data, Customer is the Controller and MagicFunnel is the Processor.

2. Subject matter and duration

The subject matter is the provision of the Service. The duration of processing equals the term of the Agreement.

3. Sub-processors

A current list of sub-processors is maintained at magicfunnel.io/subprocessors. We notify Customer of any new sub-processor 30 days before granting access.

4. International transfers

We rely on the EU Standard Contractual Clauses and the UK International Data Transfer Addendum for cross-border transfers, plus supplementary measures where required.

5. Security measures

We maintain technical and organizational measures detailed in our Security overview, including encryption, access controls, SOC 2 Type II compliance, and incident response procedures.

6. Audits

Customer may request our SOC 2 Type II report annually under NDA. Onsite audits are available for Enterprise customers under reasonable conditions.

7. Signing

To countersign this DPA, contact legal@magicfunnel.io. We can return a signed copy within 1 business day.