Data Processing Addendum

Our commitment to protecting your data and ensuring compliance with privacy regulations

Last Updated: January 21, 2026

About This Document

This Data Processing Addendum ("DPA") forms part of the Terms of Service ("Agreement") between 4Trades.ai LLC ("Provider") and the entity identified as the Client in the Agreement. This DPA applies where and to the extent that Provider processes Personal Data on behalf of Client in the course of providing the Services.

1. DEFINITIONS

1.1. Personal Data

"Personal Data" means any information relating to an identified or identifiable natural person (including Callers) processed by Provider on behalf of Client.

1.2. Data Protection Laws

"Data Protection Laws" means all applicable privacy and data protection laws, including but not limited to the CCPA/CPRA and other applicable U.S. state privacy laws.

1.3. Controller

"Controller" means the Client; "Processor" means the Provider.

2. ROLES AND COMPLIANCE

2.1. Relationship of the Parties

The parties acknowledge and agree that Client is the Controller and Provider is the Processor of Personal Data.

2.2. Client Obligations

Client represents and warrants that it has provided all necessary notices and obtained all necessary consents from Callers required under Data Protection Laws and telecommunications laws (including TCPA) for Provider to process Personal Data as contemplated by the Agreement.

3. DATA PROCESSING LIMITATIONS (PURPOSE LIMITATION)

3.1. Personal Data

Provider shall process Personal Data only for the limited and specified business purposes of providing the Services as defined in the Agreement.

3.2. Provider is prohibited from:

  • (i) selling or sharing Personal Data;
  • (ii) retaining, using, or disclosing Personal Data for any purpose other than the business purposes specified; or
  • (iii) combining Personal Data with data received from other sources, except as permitted by Data Protection Laws.

4. SUBPROCESSORS

4.1. Authorization

Client provides general written authorization for Provider to engage subprocessors to provide the Services.

4.2. Current List and Notification

A current list of subprocessors is maintained at 4trades.ai/subprocessors. Provider shall notify Client of intended changes to subprocessors by updating said URL. Client is responsible for regularly reviewing such list.

4.3. Liability

Provider remains liable for the performance of its subprocessors to the same extent Provider is liable for its own performance under the Agreement.

5. SECURITY AND AUDIT

5.1. Security Measures

Provider shall implement and maintain appropriate technical and organizational measures designed to protect Personal Data against unauthorized access, loss, or disclosure.

5.2. Audit Rights

Client's right to audit Provider's compliance is limited to the provision of a summary of Provider's security certifications or an independent third-party audit report, provided no more than once per calendar year and upon at least thirty (30) days' written notice.

6. DATA DELETION

6.1. Termination of the Services

Upon termination of the Services, or upon the expiration of the 60-day retention period specified in the Provider's Privacy Policy, Provider shall delete all Personal Data in its possession, unless applicable law requires continued retention.