Data Processing Agreement

Parties to This Agreement

Data Controller

The Client (You)

The licensed real estate broker or business entity subscribing to YourCloudAgent services. You determine the purposes and means of processing personal data of your leads and contacts.

Data Processor

YourCloudAgent LLC

Processes personal data only on your documented instructions to deliver CRM automation, lead management, and communications services.

1. Definitions

• "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to names, phone numbers, email addresses, and property inquiry details of your leads and clients.

• "Processing" means any operation performed on Personal Data, including collection, storage, use, transmission, and deletion.

• "Data Controller" means the entity (you) that determines the purposes and means of processing Personal Data.

• "Data Processor" means YourCloudAgent LLC, which processes Personal Data on behalf of the Data Controller.

• "Sub-processor" means third parties engaged by YourCloudAgent to assist in delivering services.

2. Processing Instructions & Scope

YourCloudAgent processes Personal Data only on documented instructions from you, the Client. The scope of processing is limited to:

• Receiving and storing inbound lead contact information (name, phone, email, inquiry details)

• Sending automated SMS and email messages to your leads on your behalf

• Managing lead pipeline stages and contact records

• Routing leads through automation workflows you have configured or approved

• Generating reports on lead activity for your review

YourCloudAgent will not process Personal Data for any other purpose, including our own marketing, without your explicit written consent.

3. Confidentiality

YourCloudAgent ensures that all personnel authorized to process Personal Data on your behalf are bound by appropriate confidentiality obligations. Access to your contact data is limited to team members who require it to deliver our services.

4. Security Measures

YourCloudAgent implements and maintains appropriate technical and organizational security measures to protect Personal Data, including:

• Encryption of data in transit (HTTPS/TLS) and at rest

• Access controls and role-based permissions

• Regular security assessments of our platform and processes

• Incident response procedures for data breaches

• Employee training on data handling and privacy practices

YourCloudAgent relies on GoHighLevel's enterprise-grade infrastructure, which includes SOC 2 compliant data centers and industry-standard security controls.

5. Sub-processors

You authorize YourCloudAgent to engage the following sub-processors to assist in delivering our services:

Approved Sub-processors

Sub-processorPurposeLocationGoHighLevelCRM platform, automation, communications infrastructureUnited StatesTwilioSMS and voice communications deliveryUnited StatesStripePayment processing (client billing data only)United StatesGoogle LLCEmail infrastructure, analytics (anonymized)United StatesSPARK APIMLS listing data (read-only, no personal data shared)United StatesApifyProperty data aggregation (no personal data shared)Czech Republic

YourCloudAgent will notify you at least 30 days before adding any new sub-processor that processes your contacts' Personal Data. You may object to any new sub-processor within 14 days of notification by contacting [email protected].

6. Data Subject Rights

When your leads or contacts exercise their data rights (access, deletion, correction, portability), YourCloudAgent will assist you in responding to those requests within 5 business days. You remain responsible as the Data Controller for fulfilling data subject rights obligations.

If a data subject contacts YourCloudAgent directly regarding their rights, we will promptly redirect them to you as the Data Controller.

7. Data Breach Notification

In the event of a confirmed data breach affecting your contacts' Personal Data, YourCloudAgent will notify you within 72 hours of becoming aware of the breach, including:

• A description of the nature of the breach

• Categories and approximate number of data subjects affected

• Likely consequences of the breach

• Measures taken or proposed to address the breach

You are responsible for any required notifications to affected individuals and regulatory authorities under applicable law, including the New York SHIELD Act.

8. Data Deletion & Return

Upon termination of your subscription:

• YourCloudAgent will provide a full CSV export of your contact data within 48 hours of request

• All Personal Data will be deleted from our active systems within 60 days of account termination

• Anonymized or aggregated data that cannot be linked to identifiable individuals may be retained for service improvement purposes

• Financial records required by law will be retained per applicable retention requirements

9. Audits & Compliance

You may request reasonable information from YourCloudAgent to verify compliance with this DPA up to once per calendar year. YourCloudAgent will respond to such requests within 30 days. Audits requiring on-site access or extensive staff time may be subject to reasonable fees.

10. Liability

Each party's liability under this DPA is subject to the limitations set forth in our Terms of Service. YourCloudAgent's liability for data processing activities is limited to its role as a Data Processor acting on your documented instructions.

You, as Data Controller, are responsible for ensuring you have a lawful basis for collecting and processing your leads' personal data, including obtaining required TCPA consent for SMS communications.

11. Contact for Data Privacy

YourCloudAgent LLC — Data Privacy
Email: [email protected]
For data subject requests: Submit a Privacy Request