Data Processing Addendum
How Text Crow processes personal data on your behalf as a processor.
Last updated: July 13, 2026
This Data Processing Addendum ("DPA") forms part of the agreement between you ("Controller") and Text Crow ("Processor") for the provision of the Service, and reflects the parties' agreement on the processing of personal data.
1. Definitions
"Personal Data", "Processing", "Controller", "Processor", and "Data Subject" have the meanings given in applicable data protection law, including the GDPR and the UK GDPR. "Sub-processor" means any processor engaged by us to process personal data on your behalf.
2. Roles and scope
You are the Controller and we act as Processor with respect to personal data you submit to the Service. We process personal data only on your documented instructions, including as set out in the agreement and this DPA, unless required to do otherwise by law.
3. Nature of processing
We process contact identifiers (such as phone numbers), message content, delivery metadata, and consent records for the purpose of providing messaging, routing, inbox, analytics, and compliance features. The duration of processing is the term of the agreement.
4. Confidentiality
We ensure that personnel authorized to process personal data are bound by appropriate confidentiality obligations and receive appropriate data protection training.
5. Security
We implement appropriate technical and organizational measures to protect personal data, including encryption in transit and at rest, role-based access controls, tenant isolation, and an immutable audit ledger, as further described in our security overview.
6. Sub-processors
You authorize us to engage sub-processors — including the messaging and URL-shortening providers you connect — to process personal data. We impose data protection obligations on sub-processors that are no less protective than those in this DPA, and remain responsible for their performance.
7. Data subject requests
Taking into account the nature of the processing, we provide reasonable assistance to help you respond to requests from data subjects to exercise their rights under applicable law.
8. Personal data breach
We notify you without undue delay after becoming aware of a personal data breach affecting your data and provide information reasonably necessary for you to meet your notification obligations.
9. International transfers
Where personal data is transferred across borders, we rely on an appropriate transfer mechanism, such as the Standard Contractual Clauses, to the extent required by applicable law.
10. Deletion and return
On termination of the Service, we delete or return personal data in accordance with the agreement, except where retention is required by law. Records in the immutable ledger are retained for the period required for audit and compliance purposes.
11. Audits
We make available information reasonably necessary to demonstrate compliance with this DPA and allow for audits, subject to reasonable confidentiality and security safeguards.
12. Contact
Questions about this DPA or to request the signed version and our Standard Contractual Clauses, email [email protected].