Last updated: October 28, 2025
This Data Processing Agreement (“DPA”) is part of the AllFactors Terms of Service between AllFactors, Inc. (“AllFactors”, “we”, “us”, or “our”) and the customer (“Customer”, “you”, or “your”) who uses the AllFactors platform.
This DPA reflects our commitment to keep your customers’ data private, secure, and fully aligned with the EU General Data Protection Regulation (GDPR), UK GDPR, and similar data protection laws.
1. Key Terms
- You act as the Data Controller, determining what data is collected and for what purpose.
- AllFactors acts as the Data Processor, processing personal data solely to deliver you analytics and related services according to your instructions.
- Sub-processors are trusted service providers engaged by AllFactors to support the platform’s infrastructure and functionality.
AllFactors will only process personal data in accordance with this DPA, your documented instructions, and applicable law.
2. Scope of Processing
When you install the AllFactors script or connect your marketing tools, we collect data about how visitors interact with your website and campaigns. This may include IP address (pseudonymized where possible), browser type, device information, operating system, country, unique identifiers, referral sources, and on-page activity such as clicks, scrolls, and conversions.
We use cookies and similar technologies to understand visitor behavior and session activity. You’re responsible for ensuring your website complies with GDPR and ePrivacy requirements, including displaying any necessary consent banners or privacy notices.
AllFactors processes this data only to provide you with analytics, attribution, and reporting features within the platform.
We do not use your data for our own marketing, profiling, or product promotion.
We never sell or share your data with third parties.
3. Data Retention
Customer account data is kept until you delete your account.
Visitor and event data is retained to provide ongoing analytics, attribution, and historical reporting for as long as your account remains active.
You can request deletion of your data at any time.
4. Sub-processors
We work with a small group of trusted sub-processors who meet strict privacy and security standards.
Each sub-processor signs a data processing agreement consistent with GDPR requirements.
You can request the latest list anytime at [email protected]
If we add a new sub-processor, we’ll notify customers in advance where required.
5. Data transfers
If data is transferred outside the EU, EEA, or UK, we ensure it’s protected through:
- Standard Contractual Clauses (SCCs) approved by the European Commission, and
- Technical safeguards like encryption, pseudonymization, and access control.
We only use partners who uphold strong data protection standards.
6. Security
AllFactors uses advanced, enterprise-grade security measures to protect personal data, including:
- TLS 1.2+ encryption for all data in transit.
- AES-256 encryption for data at rest in databases and backups.
- Role-based access control (RBAC) and multi-factor authentication (MFA).
- Continuous monitoring and centralized logging across all systems.
- Regular security reviews, updates, and patch management.
- Employee confidentiality agreements and privacy training.
- Secure cloud hosting with SOC 2 Type II, ISO 27001, and GDPR-certified providers.
Our systems are designed with privacy and security at the core.
7. Roles & Responsibilities
Your responsibilities (As Controller):
- Ensure you have a lawful basis for collecting and processing personal data.
- Display any required cookie banners or notices, and manage user consent as applicable.
- Handle any user requests (access, erasure, etc.) with respect to your data subjects.
Our responsibilities (As Processor):
- Process data only on your documented instructions.
- Keep the data secure and confidential.
- Assist you in meeting your data protection obligations (within reason and as requested).
8. Data Subject Rights & Assistance
We will, upon your request, assist you in responding to data subject requests (e.g., from your visitors) insofar as it is reasonably possible. If legal or technical limitations apply, we’ll let you know.
9. Acceptance
By using the AllFactors products & services, you acknowledge and agree to this DPA. If you’d like a signed copy, please contact us at [email protected] and we’ll provide one.
10. Governing Law
This DPA is governed by the laws of Delaware, USA and any dispute will be resolved in the courts of Delaware, USA.
