Data Processing Agreement (DPA)

This DPA forms part of the Terms of Service between you and Kecskeméti Levente e.v. and governs processing of personal data in accordance with GDPR.

• Customer = Data Controller
• HitUp.ai = Data Processor

• Account Data: email, onboarding info, payment metadata (via Stripe)
• Lead Data: public/third-party business contacts (name, role, company, email, LinkedIn, etc.)

• Deliver curated lead lists
• Enrich and rank data
• Refine ICP definitions using AI models
• Manage payments and accounts

• TLS encryption
• Restricted Supabase access
• Secure Vercel hosting

• Supabase – database/auth
• Vercel – hosting/analytics
• Stripe – payments
• External data providers – we may use third-party data enrichment services, search engines, and AI-powered research tools to identify and process publicly available business information.
• OpenAI – AI models to refine ICP definitions and rank leads. Only onboarding details and structured lead attributes are shared.

We assist with GDPR rights requests.

Some data may be processed outside the EEA (Stripe, Vercel, Supabase, OpenAI). Protected by SCCs or equivalent safeguards.

• Account data deleted within 30 days of closure
• Leads deletable on request
• Financial data retained per Hungarian law

We notify Customer without undue delay, within 72 hours where feasible.