Data Processing Addendum

For personal data you and your clients submit to the Service ("Customer Personal Data"), you act as the data controller and ProjEvo acts as the data processor, processing that data only to provide the Service and on your documented instructions (including as set out in our Terms and Privacy Policy). For data about your own account and our operation of the Service, ProjEvo acts as a controller.

We process Customer Personal Data to host, operate, secure, support and improve the Service — for example, to run projects, billing, support, messaging, hosting management, platform email and AI features you enable. The categories of data and data subjects are those you choose to submit (such as your clients' names, contact details, billing and communication history).

You authorize ProjEvo to engage subprocessors to provide the Service. Current subprocessors include:

• Cloudflare — network, CDN, object storage (R2) and security
• Twilio — SMS, voice and messaging
• Stripe and PayPal — payment processing
• Postmark — transactional email, including the per-organization Platform Email we provide to customers for transactional use
• Anthropic and OpenAI — AI processing (when ProjEvo AI is used; bring-your-own keys run under your own provider account)
• Cloud hosting and infrastructure providers used to operate the platform

We require subprocessors to provide appropriate data-protection safeguards. We will make a current list available on request and give notice of material changes.

We implement appropriate technical and organizational measures to protect Customer Personal Data, including encryption in transit and at rest, access controls and authentication, monitoring, and application-level encryption of certain sensitive fields. See the Data Security section of our Privacy Policy.

The Service provides tools that let you access, correct, export and delete Customer Personal Data so you can respond to data-subject requests. Where you cannot do so through the Service, we will provide reasonable assistance. If a data subject contacts ProjEvo directly about data we process on your behalf, we will refer them to you.

If we become aware of a personal-data breach affecting Customer Personal Data, we will notify you without undue delay and provide information reasonably available to help you meet your notification obligations.

Customer Personal Data may be processed in the United States and other countries where we and our subprocessors operate. Where required, we rely on appropriate transfer mechanisms to protect the data.

On termination of the Service, you may export Customer Personal Data. After a reasonable period, we will delete or anonymize Customer Personal Data in line with our retention practices, unless retention is required by law.

You are responsible for the accuracy and legality of Customer Personal Data, for having a lawful basis and any required consents to process it, and for configuring roles, permissions and integrations appropriately. You must not submit special categories of data except as supported by the Service and permitted by law.

For questions about this Addendum or to request our current subprocessor list, contact us at:

ProjEvo LLC
Orlando, Florida
Phone: (855) 506-1140
Email: security [at] projevo [dot] io
Website: https://projevo.io