Onboarding is temporarily closed — Join the waitlist

Data Processing Agreement

Our Email

[email protected]

Call Us

06 20 511 5430

Or use the form below

Effective Date: 12.09.2025
Last Updated: 12.09.2025

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between Kalingo LLC (“Kalingo”, “Processor”) and the Customer (“Controller”).

1. Subject Matter and Duration

This DPA governs the processing of personal data by Kalingo on behalf of the Controller in connection with the Services.

The duration of this DPA corresponds to the term of the Customer’s subscription to the Services.

2. Roles and Responsibilities

The Customer acts as Data Controller under GDPR.

Kalingo acts as Data Processor, processing personal data only on documented instructions from the Controller.

Kalingo shall not determine the purposes or means of processing.

3. Categories of Data and Data Subjects

Personal data processed may include: contact data, CRM records, lead/subscriber data, communication metadata, and other personal data uploaded by the Controller.

Categories of data subjects may include: customers, leads, prospects, employees, or other individuals whose data is processed by the Controller via the Services.

4. Processor Obligations

Kalingo agrees to:

Process personal data only on documented instructions from the Controller, unless required by law.

Ensure persons authorized to process the data are bound by confidentiality.

Implement appropriate technical and organizational measures (TOMs) for data security (encryption, access control, backups, breach detection).

Notify the Controller without undue delay of any personal data breach.

Assist the Controller with fulfilling obligations regarding data subject rights (Art. 15–22 GDPR).

Assist with data protection impact assessments (DPIAs) where relevant.

Delete or return all personal data at the end of service provision, unless retention is required by law.

Make available to the Controller all information necessary to demonstrate compliance and allow for reasonable audits.

5. Sub-Processors

We do not sell or rent personal data.

We may share personal data with trusted sub-processors for hosting, communications, and integrations, including (but not limited to):

Cloud hosting: Amazon Web Services (AWS), Google Cloud Platform (GCP).

Email/SMS providers: Mailgun, SendGrid, Twilio.

Payment processing: Stripe.

Where data is transferred outside the EU/EEA, appropriate safeguards are applied, such as the European Commission’s Standard Contractual Clauses (SCCs).

6. International Data Transfers

Kalingo may transfer personal data outside the EU/EEA where necessary for service provision, subject to GDPR Chapter V safeguards, including SCCs.

7. Controller Obligations

The Controller shall:

Ensure it has a lawful basis for processing personal data.

Provide instructions to Kalingo that are lawful and GDPR-compliant.

Remain responsible for the accuracy, quality, and legality of personal data.

8. Security

Kalingo shall implement and maintain appropriate technical and organizational measures, including but not limited to:

Encryption in transit and at rest

Logical separation of customer data

Access control and authentication measures

Data backups and disaster recovery

Regular vulnerability testing

9. Liability

Each party shall be liable for damages caused by processing that infringes GDPR to the extent it is responsible for the damage.

Where both parties are involved, liability shall be apportioned in accordance with Art. 82 GDPR.

10. Termination

Upon termination of the Services, Kalingo shall delete or return all personal data at the Controller’s choice, unless retention is required by Hungarian or EU law.