Data Processing Agreement (DPA)

Last updated: March 2026

This Data Processing Agreement supplements the Terms & Conditions and applies when Cendriq (operated by Zenith Dynamics) processes personal data on behalf of the customer.

1. Scope and Roles

This Data Processing Agreement applies where Cendriq, operated by Zenith Dynamics, processes personal data on behalf of the customer in connection with Cendriq services, including connectors, integrations, Leadpulse visitor tracking, Leadbot submissions, lead scoring, campaign tracking and related dashboards.

The customer acts as data controller. Zenith Dynamics acts as data processor for personal data processed on behalf of the customer.

2. Processing Activities

Cendriq may process personal data for:

  • Operating connectors and integrations
  • Synchronizing marketplace, order, product, customer and shipping data
  • Storing connector configuration and secured credentials/tokens
  • Providing Leadpulse visitor tracking
  • Processing Leadbot submissions
  • Calculating lead scores
  • Reporting campaign and UTM performance
  • Enforcing usage limits
  • Providing support, logging, security and auditability

3. Categories of Data Subjects

  • Customer’s users and staff
  • Customer’s website visitors
  • Leads submitting forms or Leadbot messages
  • Marketplace customers where connector data is processed
  • Recipients or shipping contacts where shipping data is processed

4. Categories of Personal Data

  • Names
  • Email addresses
  • Company details
  • Website activity
  • Campaign/UTM data
  • Leadbot messages
  • Lead activity and scores
  • Order and shipping data where applicable
  • Technical identifiers required for service operation
  • Usage and audit logs
  • Secured API credentials/tokens where applicable

5. Customer Responsibilities

The customer is responsible for:

  • Having a valid legal basis for processing
  • Informing data subjects
  • Configuring cookie/consent tools where required
  • Ensuring Leadpulse is used lawfully on the customer’s website
  • Not collecting passwords, payment card data, medical data, criminal data or other sensitive information through Leadbot unless explicitly agreed in writing

6. Security Measures

Cendriq applies appropriate technical and organisational measures, including:

  • TLS encryption in transit
  • Secured storage of credentials/tokens where applicable
  • Access restriction on a need-to-know basis
  • Authentication and authorization controls
  • Audit logging
  • Backups and operational monitoring
  • Separation of customer environments/data in the application
  • Regular security-aware development practices

7. Sub-processors

Cendriq may use sub-processors for:

  • Hosting/infrastructure
  • Email delivery
  • Payment processing
  • Error monitoring/logging where applicable

A current list of sub-processors is available upon request.

8. Data Breaches

Cendriq will notify the customer without undue delay after becoming aware of a personal data breach affecting customer data and will provide reasonable information to help the customer meet its legal obligations.

9. Data Subject Requests

Cendriq will reasonably assist the customer with data subject requests, including access, correction, deletion, restriction and portability requests, insofar as technically possible.

10. Retention and Deletion

Customer data is retained according to the subscription, Terms, Privacy Policy and applicable settings. After termination, customer data will be deleted or anonymised after 30 days unless a longer period is required by law or agreed in writing.

11. International Transfers

Where personal data is transferred outside the European Economic Area, Cendriq will ensure appropriate safeguards are in place where required by applicable data protection law.

12. Contact

For DPA-related inquiries: info@cendriq.com