Data Processing Agreement (DPA)
Version: 1.0
Effective Date: Date of Customer acceptance of Terms of Service
This Data Processing Agreement (“DPA”) is effective as of the date the Customer accepts the Terms of Service (“Effective Date”) and is entered into by and between:
- The Customer ( the “Controller”) – The individual or entity utilizing the Linksync Extension.
- Inspire Labs Ltd ( the “Processor”) – The provider of the Linksync Extension.
1. Roles and Instructions
1.1. Controller and Processor
The parties confirm that the Customer acts as the Controller and Linksync acts as the Processor with respect to the User Data (as defined in Appendix 1).
1.2. DPA Execution
By clicking “I Agree” to the Terms of Service, the Controller hereby executes this DPA and instructs the Processor to perform the processing activities detailed in Appendix 1.
1.3. LLM Sub-processing Warranty
The Processor warrants that a formal, executed DPA is in place with its LLM Sub-processor (e.g., OpenAI, L.L.C.), which contractually prohibits the use of the User Data (screenshots and extracted text) for the purpose of training or improving its large language models.
2. Processor Obligations
2.1. Security (Article 32)
The Processor shall implement the Technical and Organizational Measures (TOMS) set out in Appendix 2.
2.2. Breach Notification
The Processor shall notify the Controller of any Personal Data Breach concerning the User Data without undue delay, and in any event no later than 48 hours after becoming aware of it.
2.3. Assistance
The Processor shall provide reasonable assistance to the Controller in meeting the Controller’s obligations regarding Data Subject Rights (e.g., erasure) and DPIAs.
3. Sub-processing and Third Parties
3.1. Sub-processors
The Controller grants the Processor general authorization to engage Sub-processors, including OpenAI, L.L.C. for AI analysis. The Processor shall inform the Controller of any intended changes to the list of Sub-processors.
3.2. CRM Providers (HubSpot)
The Controller acknowledges that when data is synced to the Controller’s designated CRM (e.g., HubSpot), the CRM provider is not a Sub-processor of Linksync, but a separate Data Processor (or Controller) engaged directly by the Customer.
3.3. Payment Processors (Stripe)
The processing of payment details via Stripe is separate from the User Data governed by this DPA. Stripe acts as an independent controller/processor for this financial data.
Appendix 1: Details of the Processing
| Field | Description based on Linksync Operations |
|---|---|
| A. Subject Matter of the Processing | The extraction, AI-driven analysis, and temporary retention of publicly visible B2B Personal Data contained within LinkedIn profiles as captured via a screenshot, and the subsequent transfer of the extracted text data to the Controller’s designated CRM. |
| B. Duration of the Processing | The processing occurs for the duration of the Controller’s use of the Service. The screenshot data is retained for the brief period necessary for AI analysis (seconds) by the Processor and its Sub-processor and is then immediately and permanently deleted. |
| C. Nature and Purpose of the Processing | LLM-driven OCR and field extraction. The purpose is to utilize advanced LLM capabilities for accurate, structured business contact record generation as instructed by the Controller. |
| D. Categories of Personal Data | 1. Visual Data: The captured screenshot/image (including the profile photo). 2. Extracted Data: Name, job title, company name, public URLs, and professional contact fields extracted from the profile. |
| E. Categories of Data Subjects | Business professionals with publicly accessible profiles on the LinkedIn platform who are targeted and processed by the Controller (the User). |
Appendix 2: Technical and Organizational Measures (TOMS)
The Processor (Inspire Labs Ltd) commits to implementing the following TOMs:
1. Measures to Secure Transmission and Storage (Focused on LLM Processing)
| Area | Technical/Organizational Measures |
|---|---|
| Data in Transit | All data, including the screenshot image, transmitted to the Processor’s servers and to the LLM Sub-processor’s API must use Transport Layer Security (TLS 1.2 or higher) encryption. |
| Data Minimization & Retention | Immediate Deletion & Zero Retention: The captured screenshot data is subject to immediate, automatic, and permanent deletion by Linksync and is contractually subject to a zero data retention policy by the LLM Sub-processor upon completion of field extraction. |
| Access Control | Access to all logs and infrastructure is strictly limited, role-based, and secured by Multi-Factor Authentication (MFA), adhering to the principle of least privilege. |
2. Confidentiality, Integrity, and Resilience
| Area | Measure |
|---|---|
| Confidentiality | All Processor personnel are subject to formal confidentiality agreements and receive mandatory training on data privacy. |
| Data Recovery | Routine backups (excluding the intentionally deleted screenshot files) are encrypted and stored securely to ensure service resilience. |
| Incident Management | A documented Security Incident Response Policy is maintained to ensure timely and effective handling of data breaches, including notification to the Controller within the 48-hour DPA commitment. |
DPA Acceptance and Audit Trail
By clicking “I Agree” to the Terms of Service, you automatically execute this Data Processing Agreement. Your acceptance will be securely recorded with:
- Client ID (HubSpot Portal ID or email address)
- Full timestamp of acceptance
- DPA version (1.0)
- IP address
- Method of acceptance (click-wrap)
- Referring page URL
- Browser user agent
- Exact consent text displayed at time of acceptance
This digital audit trail is maintained for 10 years in compliance with GDPR requirements and is available for regulatory inspection upon request.
Contact Information
Inspire Labs Ltd
Email: support@linksyncer.com
Website: https://linksyncer.com