Data Processing Agreement
Last updated: February 2026
1. Introduction
This Data Processing Agreement ("DPA") forms part of the agreement between EnrichGraph ("Processor") and the customer ("Controller") for the use of EnrichGraph API services. This DPA sets out the terms governing our processing of personal data on your behalf.
2. Scope of Processing
EnrichGraph processes personal data solely to provide real-time B2B professional data enrichment services as requested by the Controller through our API. The categories of data processed include professional profile information, employment data, educational data, and publicly available contact information. We do not maintain a persistent database of personal records -- data is fetched in real time upon each API request.
3. Data Subject Rights
We will assist the Controller in responding to data subject requests regarding access, rectification, erasure, restriction, portability, and objection to processing. Since we do not maintain a static database, data subject rights regarding our real-time data sources should be directed to the original data source. Requests can be submitted to support@getenrichgraph.io.
4. Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption of data in transit (TLS/SSL), access controls and authentication for API access, regular security assessments, and incident response procedures.
5. Sub-processors
We may engage sub-processors to assist in providing our services. We will maintain a list of sub-processors and notify the Controller of any changes. All sub-processors are bound by data processing obligations no less protective than those set out in this DPA.
6. Data Breach Notification
In the event of a personal data breach, we will notify the Controller without undue delay after becoming aware of the breach. The notification will include the nature of the breach, categories and approximate number of records affected, likely consequences, and measures taken or proposed to address the breach.
7. International Data Transfers
Where personal data is transferred outside of the European Economic Area, we ensure that appropriate safeguards are in place in accordance with applicable data protection laws, including standard contractual clauses or other approved transfer mechanisms.
8. Audit Rights
The Controller may audit our compliance with this DPA upon reasonable notice. We will make available all information necessary to demonstrate compliance and allow for and contribute to audits conducted by the Controller or an authorized auditor.
9. Term and Termination
This DPA shall remain in effect for the duration of our service agreement. Upon termination, we will delete or return all personal data processed on behalf of the Controller, unless retention is required by law.
10. Contact
For questions about this DPA or to request a signed copy, contact us at support@getenrichgraph.io.