Connect to Hubspot Get Demo

Data Processing Agreement (DPA)

Effective Date: December 1, 2024

1) Purpose of this DPA

This Data Processing Agreement (“DPA”) is part of the Terms and Conditions and applies when Rizer Inc. (“Rizer,” “we,” “our”) processes personal data on behalf of a customer (“Customer,” “you”).

This DPA reflects the parties’ agreement on:

  • Roles and responsibilities under GDPR (EU/UK), CCPA/CPRA (California), and other global privacy laws.
  • Security measures and safeguards for Customer Data.
  • The use of vetted sub-processors (AI/analytics providers, hosting, etc.).

By signing up for and using Rizer, you automatically enter into this DPA, which is incorporated by reference into our Terms and Conditions.

2) Roles and Scope

  • Customer as Controller/Business – decides the purposes and means of processing Customer CRM data.
  • Rizer as Processor/Service Provider – processes Customer Data strictly under Customer instructions.
  • Controller Context Reminder – for website visitors, marketing data, and analytics, Rizer acts as a Controller. See our Privacy Policy.

3) Subject Matter of Processing

The Service processes Customer CRM data (e.g., contacts, companies, deals, notes, emails, call transcripts, activities) for the purposes of:

  • Analyzing lost deals to identify root causes.
  • Providing AI-assisted insights and recommendations.
  • Enabling re-engagement campaigns.
  • Creating or updating deals in Customer’s CRM pipeline for follow-up.

Processing is limited to these purposes and as otherwise instructed by Customer.

4) Security Measures

Rizer maintains appropriate technical and organizational safeguards, including but not limited to:

  • Encryption of data at rest and in transit.
  • Multi-factor authentication and role-based access.
  • Logging, monitoring, and vulnerability management.
  • Regular backups and disaster recovery.
  • Incident response plan and breach notification procedures.

Details are provided in Annex II – Security Measures.

5) Sub-Processors

We may engage vetted sub-processors to support delivery of the Service.

  • The current list of sub-processors is maintained in Annex III – Sub-Processors.
  • As of the Last Updated date, these include:
    • OpenAI – AI analysis & insights.
    • Google Gemini (Google Cloud) – AI inference and hosting services.
    • Anthropic Claude – AI reasoning and recommendations.
    • Google Analytics via Google Tag Manager – website usage analytics.
  • We will provide at least 30 days’ advance notice of material changes to Annex III. Customers may object on documented grounds; if unresolved, you may terminate affected functionality.

6) International Transfers

Where Customer Data is transferred outside the EEA/UK/Switzerland, Rizer and its sub-processors rely on recognized safeguards, including:

  • Standard Contractual Clauses (SCCs)
  • UK Addendum and Swiss add-on
  • EU-US / UK-US / Swiss-US Data Privacy Frameworks

Details are outlined in Annex IV – Cross-Border Safeguards.

7) Assistance with Data Subject Rights

Rizer will, where technically feasible and legally required, assist Customers in fulfilling their obligations regarding:

  • Data access, rectification, deletion, and portability.
  • Objection and restriction requests.
  • Breach notifications.

8) Termination, Data Return & Deletion

Upon termination of the Service:

  • Customer may export Customer Data in standard formats (CSV/JSON/API).
  • We will retain data for 30 days post-termination, then securely delete it (unless legally required to retain longer).

9) Annexes (Downloadable PDFs)

The detailed legal terms are available as annexes:

10) Execution / Binding Clause

By using Rizer, you agree to this DPA, which forms part of our Terms and Conditions.

For enterprise customers who require a countersigned copy, please contact support@rizer.io.

11) Contact Us

Rizer Inc.
2628 Maxwell Street
Philadelphia, PA 19152
United States
support@rizer.io | +1 (917) 300-1925