DATA PROCESSING ADDENDUM

LIFT Marketing System
Effective Date: January 1, 2026

This Data Processing Addendum (“DPA”) forms part of the Terms of Service between LIFT Growth Systems LLC, doing business as LIFT Marketing System (“Company,” “we,” “us,” “our”) and the customer (“Customer,” “you”).

This DPA applies to the extent that the Company processes personal data on behalf of the Customer in connection with the Services.

1. Roles of the Parties

For purposes of this DPA:

• Customer is the data controller
  
  
• LIFT Marketing System is the data processor
  
  

Customer determines the purposes and means of processing personal data uploaded to or generated through the Services.

2. Scope and Purpose of Processing

The Company processes personal data solely to:

• Provide, operate, and maintain the Services
  
• Enable CRM functionality, messaging, and automation
  
• Provide customer support and technical assistance
  
• Maintain platform security and integrity
  
• Comply with applicable legal obligations
  
  

The Company does not process data for purposes outside the Services.

3. Customer Responsibilities

Customer represents and warrants that:

• All personal data has been lawfully collected
  
• Required notices have been provided
  
• All necessary consents and permissions have been obtained
  
• Data subjects’ rights are respected
  
• Uploaded data is accurate and appropriate for use within the Services
  
  

Customer is solely responsible for responding to data subject requests, including access, correction, and deletion requests.

4. Data Types

Personal data processed may include, depending on Customer usage:

• Names
  
• Email addresses
  
• Phone numbers
  
• Business information
  
• Contact records
  
• Message content
  
• CRM activity data
  
  

The Services are not intended for sensitive or regulated data unless Customer independently confirms legal compliance.

5. Subprocessors

Customer acknowledges that the Company relies on third-party subprocessors to deliver the Services, including providers for:

• Cloud hosting and infrastructure
  
• Messaging and email delivery
  
• Analytics and monitoring
  
• Payment processing
  
• Support tools
  
  

Use of the Services constitutes authorization for the Company to engage such subprocessors as necessary.

6. Data Location and Transfers

Personal data may be processed and stored in the United States or other jurisdictions where the Company or its subprocessors maintain facilities.

Customer consents to such processing and storage locations.

7. Security Measures

The Company implements reasonable administrative, technical, and physical safeguards designed to protect personal data, consistent with industry standards and underlying platform capabilities.

No system is completely secure. The Company does not guarantee absolute security.

8. Data Incidents

In the event of a confirmed data security incident involving Customer data under the Company’s control, the Company will provide reasonable notice without undue delay, subject to available information and legal restrictions.

The Company does not guarantee prevention of all incidents.

9. Data Retention and Deletion

Data retention and deletion practices are governed by the Privacy Policy and the Terms of Service.

Customer is responsible for exporting data prior to account cancellation.

Deletion is subject to technical, contractual, and legal limitations, including backup retention.

10. Limitation

This DPA does not:

• Create obligations beyond the Terms of Service
  
• Modify limitation of liability provisions
  
• Create third-party beneficiary rights
  
  

In the event of conflict, the Terms of Service control.

11. Term

This DPA remains in effect for the duration of the Company’s processing of personal data on behalf of the Customer.

12. Governing Law

This DPA is governed by the laws of the State of Michigan and applicable United States federal law.

13. Contact

Questions regarding this DPA may be directed to:

hello@liftmarketingsystem.com