Data Processing Addendum (DPA)

Scale & Success AI
Hilgart Enterprises, LLC

Effective Date: 12/15/2025

This Data Processing Addendum (“DPA”) supplements the Scale & Success AI Terms of Service and Privacy Policy when you use the Platform to process personal data subject to GDPR or similar laws.

1. Roles

You act as the “Data Controller.”

Hilgart Enterprises, LLC acts as the “Data Processor.”

2. Subject Matter and Purpose

We process personal data only as necessary to provide the Platform and related Services, including CRM, automations, communications, and AI-based features.

3. Categories of Data

Personal data processed may include:

Names, contact details, and communication preferences

Business information

CRM records and interaction history

AI interaction logs

Technical usage data

No PHI, FERPA-protected, or regulated financial data should be processed.

4. Duration

We process data for as long as required to provide Services or as requested by you, and as needed to comply with legal obligations and backup retention.

5. Controller’s Responsibilities

You confirm that:

You have a lawful basis to collect and process personal data

You obtain any required consents from individuals

You provide data subject rights (access, correction, deletion) as required

You will not instruct us to process data in violation of applicable laws

6. Processor’s Responsibilities

We will:

Process personal data only on your documented instructions (i.e., via your use of the Platform)

Implement appropriate technical and organizational security measures

Notify you without undue delay of any personal data breach we become aware of

Assist you, to the extent reasonably possible, in responding to data subject requests

Assist with security and impact assessments, when required and feasible

Delete or return personal data at the end of our relationship, subject to legal retention

7. Sub-Processors

You authorize us to engage Sub-Processors to support the Platform, including but not limited to:

Hosting providers

Payment processors

Telephony providers

AI and LLM providers

Email service providers

Automation and integration tools

We will ensure such Sub-Processors are bound by data protection obligations no less protective than this DPA.

8. International Transfers

You acknowledge that personal data may be transferred to and processed in the United States and other jurisdictions with different data protection laws. We will take reasonable steps to ensure an appropriate level of protection.

9. Data Subject Requests

If we receive a request directly from a data subject:

We will, where feasible, notify you and refer the data subject to you

We will assist you in fulfilling such requests as required by law

10. Security Measures

We implement reasonable measures including:

Encryption in transit (where appropriate)

Access controls and authentication

Secure data center practices

Logging and monitoring

11. Liability and Governing Law

This DPA is subject to the liability limitations and governing law set forth in the Terms of Service (Nevada, USA).