Legal
Data Processing Addendum
Last updated: May 16, 2026
Key Highlights
- •Customer controls the data it provides
- •Digibility processes data to provide services
- •Subprocessors may be used
- •Third-party platform rules apply
Introduction
This Data Processing Addendum governs the processing of customer data and personal data by Digibility when Digibility provides its website, platform, Founder Visibility Score, Founder Visibility Pilot, visibility workflows, AI-assisted workflows, content planning, approval workflows, publishing workflows, analytics, action signal tracking, reports, support, assisted services, managed services, and related offerings.
This DPA forms part of Digibility's Terms & Conditions and applies where Digibility processes personal data on behalf of a customer as part of providing services. It should be read with Digibility's Privacy Policy, Subprocessors page, and relevant Service Agreements.
Scope and Application
This DPA applies to processing activities where Digibility processes customer personal data on behalf of a customer in connection with Digibility services. This may include data processed through website forms, Founder Visibility Scores, onboarding, content planning, and managed workflows. It does not apply to third-party platforms that independently process data.
Definitions
Customer Data
Files, assets, AI inputs/outputs, and business details provided by the customer.
Data Fiduciary/Controller
The party determining motives and means of processing.
Data Processor
Digibility, processing data on behalf of the fiduciary/controller.
Subprocessor
Third-party service provider engaged for technical delivery.
Roles of the Parties
For customer-provided personal data, the customer generally acts as the Data Fiduciary or Controller. Digibility generally acts as a Data Processor. However, Digibility may act as an independent controller for account administration, billing, security, and service improvement data.
Nature and Purpose of Processing
Digibility processes customer data to provide, operate, support, secure, and improve visibility management services. This includes score generation, campaign planning, AI drafting, and reporting.
Categories of Data Processed
We process contact info, business context, founder positioning, campaign drafts, uploaded assets (images/videos), social handle info, AI inputs/outputs, action signals, and technical logs. Customers must not submit restricted or high-risk data without express written agreement.
Categories of Data Subjects
Data subjects may include customer employees, founders, contractors, agency users, leads, prospects, and end-customers of the customer. Customers are responsible for obtaining required permissions from these individuals.
Customer Instructions
Digibility processes data based on customer instructions via platform actions, approvals, and support requests. We may refuse instructions that appear unlawful or in violation of platform policies.
Customer Responsibilities
Customers must ensure they have a lawful basis for processing, have obtained required consent, and ensure uploaded content is authorized. Verification of AI outputs and compliance with platform rules remain customer responsibilities.
Digibility's Processing Obligations
We process data only for purposes described in our Terms and instructions. We maintain reasonable security, notify of breaches as legally required, and retain data according to our governance rules.
AI-Assisted Processing
AI may be used to summarize inputs, draft content, and analyze action signals. AI outputs may be inaccurate; customers must review, verify, and approve them before publication.
Subprocessors
Digibility uses subprocessors for hosting, AI, analytics, and infrastructure. Our list of subprocessors is maintained at our Subprocessors page and updated periodically.
View Official SubprocessorsThird-Party Platforms and Integrations
Integrations with platforms like LinkedIn or Meta are controlled by those platforms. They process data under their own terms; Digibility is not responsible for their independent data practices or outages.
Security Measures
We use administrative and technical safeguards like access controls, encryption in transit, and secure hosting. No system is 100% secure; we do not guarantee absolute prevention of all cyber incidents.
Confidentiality
Personnel with access to customer data are subject to confidentiality obligations. Access is limited to those needing it to provide, support, or secure Digibility services.
Data Subject Requests
If we receive a request from an individual regarding customer-controlled data, we will direct them to you. You are responsible for responding to these requests as the data fiduciary/controller.
Data Breach and Security Incidents
Upon discovering a breach affecting customer personal data, we will notify affected customers without undue delay after initial assessment. Notifications will include incident nature and mitigation steps taken.
Data Retention and Deletion
Data is retained to provide services, comply with law, and resolve disputes. After cancellation, data may be deleted, archived, or anonymized based on technical feasibility and legal requirements.
International Transfers
Data may be processed in India or other locations where our service providers operate. Users authorize these transfers as necessary for service delivery, subject to appropriate safeguards.
Audits and Compliance Assistance
Digibility may provide info to help customers understand our data practices. Audits are subject to reasonable notice, scope, and confidentiality restrictions.
Return or Deletion of Customer Data
Upon termination, customers may request deletion of their data. We may retain records for compliance, accounting, or security as required. Customers should export vital assets before cancellation.
Limitations
We are not responsible for customer failures regarding consent, unapproved AI outputs, third-party platform actions, or customer-side security weak points like weak passwords.
Order of Precedence
This DPA fits within our overall governance. In case of conflict with another service agreement, the explicit written agreement controls only if specifically agreed by Digibility.
Changes to this DPA
We update this DPA to reflect changes in law, AI practices, or subprocessors. Continued use reflects acceptance of updated terms.