Legal

Data Processing Addendum

How SpamKill processes personal data on behalf of customers, including sub-processors, security measures, and data subject rights.

Last updated: April 28, 2026

Introduction

This Data Processing Addendum ("DPA") is part of the Terms of Service between SpamKill Inc. ("Company") and the Customer (together as the "Parties"). This DPA reflects the Parties' agreement with respect to the terms governing the processing of personal data under the Agreement.

Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Data Subject: The end users and subscribers whose data is processed by SpamKill Inc.
  • Processing: Any operation performed on personal data, including collection, storage, use, and deletion.
  • Sub-Processor: Any third party engaged by the Company to process personal data.

Scope of Processing

SpamKill Inc. processes personal data submitted through protected web forms to filter out spam bot submissions and processes payments for subscribers through third-party sub-processors.

Data Subjects

The data subjects include:

  • End Users who submit data via forms protected by SpamKill's services.
  • Subscribers who engage with SpamKill's services and make payments.

Security Measures

SpamKill Inc. does not store any end-user data unless monitoring is requested by the subscriber. Subscriber data is stored strictly for purposes essential to delivering our services, including billing, communication, and product updates. We implement robust security protocols to safeguard all stored data.

Data Breach Protocol

SpamKill Inc. has a comprehensive data breach response plan in place, ensuring timely notifications and mitigation actions in compliance with applicable laws.

Sub-Processors

SpamKill Inc. uses the following sub-processors:

  • AWS: Cloud services provider.
  • Hivelocity: Server hosting.
  • Chargebee: Subscription management.
  • Stripe: Payment processing.
  • Zendesk: Helpdesk support.

Sub-processors only have access to data strictly necessary for the services they provide.

International Data Transfers

SpamKill Inc. is a company registered and operating in Canada. While we are based in Canada, the processing and storage of data may occur in data centers located in the United States. SpamKill Inc. ensures that all data processing and storage is conducted in accordance with applicable Canadian data protection laws, and where relevant, ensures compliance with cross-border data transfer requirements.

Data Subject Rights

SpamKill Inc. honors data deletion requests promptly and ensures data subjects can access, correct, or delete their data in accordance with applicable laws.

Retention Policy

Data is retained only as necessary and is deleted upon request, except for payment-related data, which is kept for accounting and compliance purposes.

Compliance with Laws

SpamKill Inc. complies with GDPR, PIPEDA, and other relevant data protection laws.

Supervisory Authority

For Canadian data subjects, the Office of the Privacy Commissioner of Canada (OPC) serves as the supervisory authority. For EU data subjects, the relevant Data Protection Authority in the applicable EU member state will apply.

Liability and Indemnity

The liability of SpamKill Inc. is governed by the terms set out in our Terms and Conditions.

Contact Information

For any privacy-related inquiries, please contact SpamKill Inc.:

[email protected]