Estimatic.ai

Legal

Data Processing Addendum

Last updated: May 6, 2026Effective: May 6, 2026
This Data Processing Addendum (“DPA”) supplements the Estimatic AI Terms of Service between Estimatic, Inc. (“Estimatic AI”) and the customer (“Customer”) and applies where Estimatic AI processes Personal Data on behalf of Customer in connection with the Services.

1. Definitions

Capitalized terms not defined here have the meanings given in the Terms of Service. “Applicable Data Protection Law” means the EU GDPR, UK GDPR, the California Consumer Privacy Act as amended (“CCPA”), and other comparable privacy and data protection laws applicable to Estimatic AI’s processing of Personal Data. “Personal Data,” “processing,” “controller,” “processor,” and “data subject” have the meanings given by Applicable Data Protection Law.

2. Roles

For Customer Data, Customer is the controller (or processor on behalf of a third-party controller) and Estimatic AI is the processor (or sub-processor). For account administrators’ contact details and Estimatic AI’s own use of personal information described in our Privacy Policy, Estimatic AI is the controller.

3. Subject Matter, Duration, Nature, Purpose

  • Subject matter: processing of Personal Data necessary to provide the Services.
  • Duration: the term of the Terms of Service plus any retention period required by law.
  • Nature and purpose: hosting, storing, transmitting, displaying, analyzing, securing, and otherwise processing Personal Data to provide and improve the Services, including AI features.
  • Categories of data subjects: Customer’s employees, contractors, end-users, customers, leads, and other individuals included in Customer Data.
  • Categories of Personal Data: contact information, business information, communications metadata, content submitted to the Services, usage data, and any other Personal Data Customer chooses to submit.

4. Customer Instructions

Estimatic AI will process Personal Data only on documented instructions from Customer, including as set out in the Terms of Service, this DPA, and Customer’s use of the Services. Estimatic AI will inform Customer if, in its opinion, an instruction infringes Applicable Data Protection Law.

5. Confidentiality

Estimatic AI ensures that personnel authorized to process Personal Data are bound by confidentiality obligations.

6. Security

Estimatic AI implements appropriate technical and organizational measures designed to protect Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration, or disclosure. These measures include encryption in transit, access controls, logging and monitoring, vulnerability management, secure software development practices, and regular review.

7. Sub-processors

Customer authorizes Estimatic AI to engage sub-processors to perform processing on its behalf, subject to written terms imposing data protection obligations no less protective than those in this DPA. A current list of sub-processors is available on request and may be made available in-product. Estimatic AI will provide notice of intended changes through the Services or by email and give Customer a reasonable opportunity to object on reasonable data protection grounds.

8. International Transfers

Where transfers of Personal Data from the EEA, UK, or Switzerland to a country not deemed adequate by the European Commission or other relevant authority occur, the parties rely on the Standard Contractual Clauses (Module Two) and the UK International Data Transfer Addendum, as applicable, which are incorporated by reference.

9. Assistance to Customer

Taking into account the nature of the processing and the information available, Estimatic AI will provide reasonable assistance to Customer in fulfilling its obligations to respond to requests from data subjects and to comply with security, breach notification, impact assessment, and prior consultation obligations under Applicable Data Protection Law.

10. Personal Data Breach Notification

Estimatic AI will notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Customer’s Personal Data and will provide information reasonably available to assist Customer in meeting its notification obligations.

11. Audits

Estimatic AI will make available information necessary to demonstrate compliance with this DPA and will allow for and contribute to audits, including inspections, by Customer or another auditor mandated by Customer, subject to reasonable confidentiality, cost, scope, frequency, and security limitations. Where available, third-party audit reports and certifications may be provided in lieu of on-site audits.

12. Deletion or Return

Upon termination of the Terms of Service and at Customer’s choice, Estimatic AI will delete or return Personal Data to Customer, subject to retention required by law and our standard backup schedules. After expiration of the retention period, Estimatic AI will delete or anonymize the Personal Data.

13. CCPA

For purposes of the CCPA, Customer discloses Personal Data to Estimatic AI only for limited and specified business purposes set out in the Terms of Service. Estimatic AI is a service provider and will not (a) sell or share Personal Data; (b) retain, use, or disclose Personal Data for any purpose other than the business purposes specified or as otherwise permitted by the CCPA; or (c) combine Personal Data with information received from another source, except as permitted by the CCPA.

14. Conflict

In the event of any conflict between this DPA and the Terms of Service, this DPA controls with respect to the processing of Personal Data.

15. Contact

Data protection inquiries: privacy@estimatic.ai.
Estimatic, Inc., 1317 Edgewater Drive, Suite 719, Orlando, FL 32804.