Meet Cortex AI Powered, Expertise Refined Decision EngineYour AI Optimization Engine

Agency Data Processing Addendum

The Capconvert Agency DPA for Customers subject to GDPR, UK GDPR, CCPA/CPRA, or equivalent privacy laws. The Cortex SaaS DPA is at /cortex/dpa.

Capconvert Agency Data Processing Addendum

Capconvert, LLC. makes a Data Processing Addendum (the “Agency DPA”) available to Customers whose Capconvert agency engagement involves the processing of personal data subject to the EU General Data Protection Regulation (Regulation 2016/679), the UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act, or equivalent international or state-level privacy laws.

The Cortex SaaS product has its own DPA at /cortex/dpa. If an engagement includes both agency services and Cortex access, both DPAs apply (each to its respective surface).

The Agency DPA incorporates the European Commission’s Standard Contractual Clauses (Module Two: Controller to Processor) for cross-border transfers, the UK Addendum to the SCCs, and the equivalent Swiss FADP transfer provisions, each where applicable.

Download the Full Agency DPA

The full Capconvert Agency DPA is available as a print-ready PDF:

Download Agency DPA (PDF)

For most engagements you can sign and return the PDF as is. If you need redlines or a wet signature, follow the email path below.

How to Execute the Agency DPA

To put a Capconvert Agency DPA in place, email help@capconvert.com with subject line “Agency DPA Request” and include:

  • your legal entity name and address;
  • the name and email of the person authorized to sign;
  • a brief description of the categories of personal data and data subjects you expect Capconvert to process (typically: your end customers, your team members, authors of content under audit);
  • the applicable privacy law (GDPR, UK GDPR, CCPA, other) and any required regional addenda.

We return a counter-signed copy within five business days in most cases. Customers on enterprise engagements can request the DPA in advance of contract signature and execute both documents together.

Summary of the Core Terms

The full DPA is provided when requested or via the PDF above; what follows is a plain-English summary for procurement review:

  • Capconvert acts as a Processor with respect to Customer Data processed in connection with agency services; the Customer is the Controller. Under CCPA/CPRA, Capconvert is a Service Provider.
  • Capconvert processes Customer Data only on documented instructions from the Customer and as needed to perform the agency engagement.
  • Capconvert imposes confidentiality obligations on personnel authorized to process Customer Data.
  • Capconvert maintains appropriate technical and organizational security measures (access controls, encryption in transit and at rest, audit logging, incident response, vendor diligence on Subprocessors).
  • Subprocessors are listed at /subprocessors; the DPA grants general written authorization for those Subprocessors and requires 15 days’ notice of new ones.
  • Capconvert assists the Customer with data subject rights requests, data protection impact assessments, and breach notification.
  • On termination, Capconvert returns or deletes Customer Data within the 90-day window described in our Data Retention Policy, subject to legal retention requirements.
  • Cross-border transfers from the EEA, UK, or Switzerland to the United States rely on the Standard Contractual Clauses (and the UK IDTA Addendum or Swiss equivalent where applicable).

Last updated: May 26, 2026