Data Processing Addendum (DPA)

Effective Date: 01 January, 2026

1. SCOPE AND INCORPORATION

This Data Processing Addendum (“Addendum”) is incorporated into and forms a functional part of the SalesVault Terms of Service (the “Agreement”). This Addendum applies where SalesVault Processes Customer Personal Data as a Processor on behalf of the Customer (as Controller) to provide the Services. In the event of a conflict between this Addendum and the Agreement, this Addendum shall prevail.

2. DATA PROCESSING TERMS

2.1 Instructions: Processor shall Process Personal Data only on the documented instructions of the Controller.

2.2 Google Workspace Integrity: Processor’s use and transfer of information received from Google APIs will strictly adhere to the Google API Services User Data Policy, including the Limited Use requirements.

2.3 AI Processing Isolation: Processing conducted via the Google Gemini API occurs in a siloed, transactional environment. Processor warrants that Customer Personal Data will never be utilized by the AI Subprocessor to train foundational, public, or cross-tenant machine learning or artificial intelligence models without the Controller’s prior written authorization.

2.4 CCPA/CPRA Service Provider Warranty: SalesVault shall not: (a) sell or share Customer Personal Data; (b) retain, use, or disclose Personal Data for any purpose other than for the specific business purpose of performing the Services; or (c) combine Personal Data received from the Customer with Personal Data received from other sources, except as permitted by the CCPA/CPRA.

3. SUBPROCESSOR DIRECTORY

3.1 Authorization: Controller provides a general written authorization for the engagement of the Subprocessors listed below.

3.2 Notification & Objection: Processor shall notify Controller of any intended changes to its Subprocessors via account email at least thirty (30) days prior to engagement. If the Processor cannot accommodate a reasonable objection, the Controller's exclusive remedy is to terminate the Agreement. In the event of such termination, Customer shall not be entitled to a refund of any pre-paid, unused fees, in accordance with Section 10.6 of the Agreement.

SUBPROCESSOR DIRECTORY

Subprocessor | Category | Location | Processing Function
Google Cloud (GCP) | Infrastructure | USA/Global | Primary hosting, database, and encrypted storage.
Google Gemini API | AI / ML | USA/Global | AI-powered content management and automated categorization, organization, tagging, generation, and updating of content.
PostHog, Inc. | Product Analytics | USA | Interaction tracking and feature adoption metrics.
Stripe, Inc. | Payment / Billing | USA/Global | PCI-compliant subscription, payments and billing management.
Apollo.io | Sales Intelligence | USA | Lead enrichment, lead management and sales intelligence.
Zoho CRM / Pipedrive CRM / Copper CRM | Internal CRM | USA | Internal customer account management and support.
Chatwoot | Customer Support | USA/Global | Omnichannel customer support platform for real-time user communication and query management.
CookieYes | Compliance | UK/Global | Consent Management Platform (CMP) infrastructure.
YouTube API | Media Services | USA/Global | Video enablement and content integration.
Pexels API | Media Services | USA/Global | Digital asset integration for Slides/Docs Add-ons.
Google Analytics 4 | Web Analytics | USA/Global | Performance optimization (with IP Anonymization).
Functional Software, Inc. (d/b/a Sentry) | Application Monitoring | USA/EU | Real-time error monitoring, performance tracking, and diagnostic logging to identify and resolve software bugs.

4. SECURITY AND AUDIT COMPLIANCE

4.1 Technical Measures: Processor shall maintain enterprise-grade technical measures, including AES-256 encryption at rest, TLS 1.2+ or TLS 1.3 in transit, multi-tenant logical isolation on GCP, and the use of non-persistent session identifiers and a cookieless tracking architecture for non-consenting users as described in the Cookie Policy.

4.2 Security Assessments: Processor shall make available to Controller information necessary to demonstrate compliance via Summary Security Reports detailing Processor's alignment with SOC 2 principles and GCP security architecture.

4.3 Risk Allocation and Enhanced Liability Cap:

(a) Internal Security: Processor maintains a comprehensive internal security program designed to mitigate risks associated with the Processing of Personal Data.

(b) Data Breach Cap: SalesVault’s total combined aggregate liability for "Data Protection Claims" (defined as any claim arising from a breach of this Addendum or applicable Data Protection Laws) shall be strictly subject to the 'General Cap' ceiling set forth in Section 11.2(a) of the Terms of Service. For the avoidance of doubt, such liability shall never exceed the total amount of fees paid by the Customer to SalesVault in the six (6) months immediately preceding the event giving rise to the liability.

(c) No Double Recovery: For the avoidance of doubt, the liability cap defined in Section 4.3(b) represents the absolute maximum total recovery for all data-related claims and shall not be stacked upon or added to the General Cap of the Terms of Service. In no event shall SalesVault’s total combined liability for all claims under the Agreement and this Addendum combined exceed the maximum financial ceiling specified in Section 11.2(a) of the Terms of Service.

5. DATA SUBJECT RIGHTS & CCPA/CPRA

5.1 Self-Serve Assistance: Processor’s platform provides functional tools to enable Controller to fulfill Data Subject requests (access, deletion, portability) autonomously.

5.2 Global Privacy Control (GPC): Processor’s platform is engineered to detect and honor GPC signals, automatically opting Users out of non-essential Processing in compliance with US State Privacy Laws.

6. TERMINATION AND DELETION

Upon termination of the Services, Processor shall delete all Customer Personal Data from active production environments within thirty (30) days, except where continuous retention is mandated by applicable statutory law or expressly authorized under the historical sync horizons established in Section 6.6 of the Terms of Service.