HG Insights Unveils Unified RGI Platform WATCH THE WEBINAR >
Hginsights Logo Dark

Search HGInsights

Data Protection Addendum (DPA)

This Data Protection Addendum (this “DPA”) is deemed a part of the MSA to which it is attached.  In the event of any conflict between the terms of this DPA and the other terms of the MSA, this DPA will govern.

1. Definitions

  1. In this DPA:
    Applicable Law” means all laws, regulations and other legal requirements applicable to either (i) HG Insights as provider of the HG Insights Services or (ii) Customer as user of the HG Insights Services. For example, to the extent applicable, this includes the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”); equivalent requirements in the United Kingdom including the Data Protection Act 2018 and the UK General Data Protection Regulation (“UK Data Protection Law”); the Swiss Federal Act on Data Protection (“Swiss FADP”); the California Consumer Privacy Act, as amended by the California Privacy Rights Act and together with associated regulations (“CCPA”); the Virginia Consumer Data Protection Act (“VCDPA”); the Colorado Privacy Act and related regulations (“CPA”); the Utah Consumer Privacy Act (“UCPA”); and the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (the “CPDPA”).

    Customer List” is the following Personal Data about Users of Customer’s Products: (i) name, (ii) email address, and (iii) name of the individual’s employer or other organization.

    Designated Address” means Customer’s email address for legal notices set forth in the Order Form.

    Effective Date” means the Effective Date of this DPA.

    Personal Data” means any information relating to an identified or identifiable individual, within the meaning of the GDPR (regardless of whether the GDPR applies), and any information defined as “personal information,” “personal data,” or an analogous term in Applicable Law.

    Personal Data Breach” means the accidental or unlawful destruction, loss, alteration, disclosure or other Processing of, or access to, Personal Data.

    Process” and “Processing” mean any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, creating, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    Standard Contractual Clauses” refers to the clauses issued pursuant to the EU Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, available at http://data.europa.eu/eli/dec_impl/2021/914/oj and completed as described in the “Data Transfers” section below.

    Subprocessor” means a subcontractor engaged by HG Insights for the Processing of Personal Data.

    UK SCC Addendum” means the United Kingdom International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (available as of 21 March 2022 at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/), completed as described in the “Data Transfers” section below.

  2. For ease of reading, some other terms are defined later in the DPA.  Capitalized terms not otherwise defined in the DPA will have the meaning set forth in the MSA.

Scope, Relationship of the Parties, and Data Use Limitations

  1. HG Insights shall Process Personal Data only (a) to provide, operate, maintain, secure, support, and improve the Services described in the MSA or in an Order Form (including any related implementation, configuration, integration, support, training, analytics, and reporting activities), (b) to carry out any documented instructions reasonably requested by Customer in connection with Customer’s permitted use of the Services, and (c) to comply with applicable laws to which Processor is subject. Processor shall not Process Personal Data for any purpose other than the foregoing, including any purpose that is inconsistent with the Agreement or this Addendum, and shall not “sell,” “share,” or otherwise Process Personal Data for cross‑context behavioral advertising or other purposes that would cause Customer or Processor to be deemed a “seller” or “business” making a “sale” or “sharing” of Personal Data under Applicable Law, regardless of whether such laws directly apply.
  2. If Applicable Law requires HG Insights to engage in Processing not permitted by the above, HG Insights will first inform Customer of the relevant legal requirement, unless the Applicable Law prohibits such notification on important grounds of public interest. HG Insights will notify Customer as soon as legally permissible if, for any other reason, HG Insights determines that HG Insights can no longer meet its obligations under Applicable Law.
  3. Customer has the right to take reasonable and appropriate steps to (a) ensure that HG Insights is using the Personal Data consistent with Customer’s obligations under Applicable Law, and (b) stop and remediate unauthorized use of the Personal Data.
  4. For the purposes of the provision of the Services to Customer,  Customer is the “Controller” and HG Insights is Customer’s “Processor” as such terms are defined in the GDPR (regardless of whether the GDPR applies).
  5. HG Insights is a Controller of all Personal Data HG Insights collects from individuals during their registration for the Site and their use of the Site.  HG Insights’s Processing of that Personal Data is not subject to this DPA.

Confidentiality and Training

  1. HG Insights will ensure that the persons HG Insights authorizes to Process the Personal Data are contractually required to maintain the confidentiality of such data. HG Insights will train relevant employees regarding privacy, confidentiality, and data security. 

Security

  1. HG Insights will comply with the security obligations of the GDPR and other Applicable Law.  HG Insights will assist Customer in Customer’s compliance with such obligations by implementing technical and organizational measures that comply with Applicable Law and Schedule B.  HG Insights may make future replacements or updates to the measures, so long as the measures continue to comply with Applicable Law and do not lower the level of security provided for the Personal Data. 

Subprocessors

  1. HG Insights may subcontract the collection or other Processing of Personal Data (i) only in compliance with Applicable Law regarding subprocessing, including GDPR Art. 28, (ii) only with Customer’s consent and (iii) only if HG Insights has imposed contractual obligations on the Subprocessor that are substantially the same as, or more restrictive than, those imposed on HG Insights under this DPA.
  2. Current Subprocessors are listed in Schedule C (the “Subprocessor List”). When any new Subprocessor is engaged, HG Insights will notify Customer by email to the Designated Address at least 10 business days prior to giving the Subprocessor access to the Personal Data.
  3. If Customer has any reasonable objection to the new Subprocessor, Customer may terminate Customer’s subscription to the HG Insights Services, effective on a Customer-specified date, by providing written notice of the termination and its basis.  Promptly after termination, HG Insights will refund any unused prepaid fees.  Customer is deemed to consent to the new Subprocessor if Customer does not terminate the subscription or if Customer’s termination takes effect later than 10 business days after receipt of the notification.
  4. HG Insights remains liable for its Subprocessors’ acts and omissions to the same extent HG Insights is liable for its own, consistent with the limitations of liability set forth in the MSA or this DPA.

Assistance Responding to Individuals’ Requests to Exercise Rights

  1. HG Insights will assist Customer with the fulfilment of Customer’s obligation to honor requests by individuals to exercise their Personal Data-related rights under the GDPR or other Applicable Law (a “Data Subject Request”), such as rights to access, correct, or delete their Personal Data, by complying with this “Assistance Responding to Individuals’ Requests to Exercise Rights” section of this DPA.
  2. If HG Insights receives a Data Subject Request or a complaint from an individual or their representative and the communication identifies Customer (or if HG Insights is aware that the communication pertains to the Personal Data HG Insights holds for Customer), HG Insights will forward the communication to Customer:
    1. as soon as commercially practicable; but
    2. no later than within 72 hours of receipt if the communication arrives via support@hginsights.com or any other contact method specified in HG Insights’s then-current publicly available Privacy Policy.
  3. Specifically, HG Insights will forward such communication to the Designated Address.
  4. Within 72 hours of Customer’s request, HG Insights will (i) completely fulfill any Data Subject Request and (ii) inform Customer that it has done so.  Where fulfilling the Data Subject Request requires provision of a copy of the Personal Data, or other information, Customer can select on a case-by-case basis whether HG Insights will provide it to Customer (the default) or to the requesting individual.
  5. Notwithstanding the foregoing, if an individual uses the unsubscribe link in a Campaign, HG Insights will honor that request immediately, without the need to contact Customer for instructions.

Personal Data Breach

  1. HG Insights will comply with the Personal Data Breach-related obligations applicable to it under the GDPR and other Applicable Law.  HG Insights will assist Customer in complying with those applicable to Customer by informing Customer of a confirmed Personal Data Breach without undue delay and in any event within 48 hours of becoming aware and by otherwise complying with this “Personal Data Breach Notification” section of this DPA. 
  2. HG Insights will provide such notification to Customer at the Designated Address.  
  3. Such notification is not an acknowledgement of fault or responsibility.  The notification will include HG Insights’s then-current assessment of the following, which may be based on incomplete information:
    1. The nature of the Personal Data Breach including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of Personal Data records concerned;
    2. The likely consequences of the Personal Data Breach; and
    3. Measures taken or proposed to be taken by HG Insights to address the Personal Data Breach including, where applicable, measures to mitigate its possible adverse effects.
  4. HG Insights will provide prompt updates to such information as it becomes available.
  5. If the Personal Data Breach results from HG Insights’s breach of this DPA, HG Insights will promptly reimburse Customer for the costs of any legally required notification to affected individuals.

Assistance with DPIAs and Consultation with Supervisory Authorities

  1. HG Insights will provide reasonable assistance to and cooperation with Customer for (i) Customer’s performance of any data protection impact assessment of the Processing or proposed Processing of the Personal Data involving HG Insights, and (ii) related consultation with supervisory authorities.

Data Return and Destruction

  1. HG Insights will destroy all Personal Data within 30 days after the termination of the MSA (including on all Subprocessor systems) except to the extent Applicable Law requires storage of the Personal Data.  
  2. In the event of such legally required retention of the Personal Data, (i) HG Insights will inform Customer as soon as legally permitted, (ii) HG Insights will retain only Personal Data that it is legally required to retain and will retain it only as long as is legally required, (iii) during the retention period, HG Insights will refrain from Processing the Personal Data and will continue to comply with this DPA with respect to the Personal Data, to the extent legally permitted, and (iv) HG Insights will destroy the Personal Data and inform Customer of such destruction as soon as legally permissible.
  3. If requested by Customer within 10 days after the termination of the MSA, HG Insights will first return a copy of the Personal Data to Customer in any reasonably requested format before the destruction described above.
  4. HG Insights will provide certification of the destruction and/or return within 10 days of Customer’s written request. 

Compliance Verification and Audits

  1. HG Insights. will make available to Customer all information reasonably necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer, provided that (a) Customer gives HG Insights. at least thirty (30) days’ prior written notice of any requested audit, (b) any such audit occurs no more than once in any twelve (12) month period (unless required more frequently by Applicable Law or following a confirmed Personal Data Breach involving Customer Personal Data), and (c) audits are conducted during HG Insights.’s normal business hours in a manner designed to minimize disruption to HG Insights’s business operations. Customer shall bear all costs and expenses of any audit (including those of its auditor), and shall reimburse HG Insights. for any reasonable out-of-pocket costs incurred in connection with providing such cooperation.

Data Transfers

  1. Customer authorizes HG Insights to make international transfers of the Personal Data only if (i) Applicable Law for such transfers is respected and (ii) the transfer is otherwise permitted by this DPA.
  2. To the extent legally required, the Standard Contractual Clauses form part of this DPA and take precedence over the rest of this DPA to the extent of any conflict, and, except as set forth in Sections 33 or 34, they will be deemed completed as follows:
    1. Customer, the exporter, acts as a controller and HG Insights, the importer, acts as Customer’s processor with respect to the Personal Data subject to the Standard Contractual Clauses, and its Module 2 applies.  Their contact information is set forth in Schedule A.
    2. Clause 7 (the optional docking clause) is included.
    3. Under Clause 9 (Use of sub-processors), the parties select Option 2 (General written authorization). The initial list of sub-processors is set forth below in Schedule C of this DPA, and HG Insights shall update that list at least 10 business days in advance of any intended additions or replacements of sub-processors.
    4. Under Clause 11 (Redress), the optional requirement that data subjects be permitted to lodge a complaint with an independent dispute resolution body does not apply.
    5. Under Clause 17 (Governing law), the parties choose Option 1 (the law of an EU Member State that allows for third-party beneficiary rights).  The parties select the law of Ireland.
    6. Under Clause 18 (Choice of forum and jurisdiction), the parties select the courts of Ireland.
    7. Annexes I and II of the Standard Contractual Clauses are set forth in Schedule A of the DPA. 
    8. Annex III of the Standard Contractual Clauses (List of subprocessors) is inapplicable.
  3. With respect to Personal Data for which UK Data Protection Law governs the transfer, to the extent legally required, the UK SCC Addendum forms part of this DPA and takes precedence over the rest of this DPA to the extent of any conflict and shall be deemed completed as follows (with capitalized terms not defined elsewhere having the definition set forth in the UK SCC Addendum):
    1. Table 1 of the UK SCC Addendum: The Parties, their details, and their contacts are those set forth in Schedule A.
    2. Table 2 of the UK SCC Addendum: the “Approved EU Standard Contractual Clauses” shall be the Standard Contractual Clauses as set forth in Section 32 of this DPA. 
    3. Table 3 of the UK SCC Addendum: Annexes I(A), I(B), and II are in Schedule A of the DPA, and Annex III is in Schedule C.
    4. Table 4 of the UK SCC Addendum: neither party may exercise the right set forth in Section 19 of the UK SCC Addendum.
  4. With respect to Personal Data for which the Swiss FADP governs the transfer, the Standard Contractual Clauses shall be deemed to have the following differences to the extent required by the Swiss FADP:
    1. References to the GDPR in the Standard Contractual Clauses are to be understood as references to the Swiss FADP insofar as the data transfers are subject exclusively to the Swiss FADP and not to the GDPR.
    2. The term “member state” in Standard Contractual Clauses shall not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the Standard Contractual Clauses. 
    3. References to personal data in the Standard Contractual Clauses also refer to data about identifiable legal entities until the entry into force of revisions to the Swiss FADP that eliminate this broader scope.
    4. Under Annex I(C) of the Standard Contractual Clauses (Competent supervisory authority):
      1. Where the transfer is subject exclusively to the Swiss FADP and not the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner.
      2. Where the transfer is subject to both the Swiss FADP and the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner insofar as the transfer is governed by the Swiss FADP, and the supervisory authority is as set forth in the Standard Contractual Clauses insofar as the transfer is governed by the GDPR.

Survival

  1. This DPA survives termination of this MSA for so long as HG Insights continues to Process such Personal Data.

Schedule A to DPA

Annexes I and II of the Standard Contractual Clauses

ANNEX I 
A.  LIST OF PARTIES

MODULE TWO: Transfer controller to processor


Data exporter(s): 

Name: Customer, as specified in the MSA or Order Form. 

Address: \companyaddress_1_text\

Contact person’s name, position and contact details: \dpacontactinfo_1_text\

Activities relevant to the data transferred under these Clauses: 

Signature and date: The Parties are deemed to have signed this Annex I by signing the DPA.

Role (controller/processor): Controller

Data importer(s): 

Name: HG Insights, Inc

Address: 1 North Calle Cesar Chavez, Suite 100, Santa Barbara, CA 93103,

Contact person’s name, position and contact details: Bill Tole, CFO, legal@hginsights.com

Activities relevant to the data transferred under these Clauses: The importer will perform the Services as described in the main agreement and in the DPA when requested by the exporter.

Signature and date: The Parties are deemed to have signed this Annex I by signing the DPA.

Role (controller/processor): Processor

B. DESCRIPTION OF TRANSFER

MODULE TWO: Transfer controller to processor

Categories of data subjects whose personal data is transferred: Users/Customers/Prospective customers of Customer’s Products.

Categories of personal data transferred: 

    • Contact information
      1. Name;
      2. email address;
      3. Phone number.
    • Professional records:
      1. job title;
      2. job location (work address);
      3. Company
    • Identifiers:
      1. IP address
    • Other:
      1. information relevant to sales, such as details about past or scheduled meetings;
      2. behavior on the Customer’s website;
      3. lead score; and
      4. web application usage data.

     

  • Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures. None.

    The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis). On a continuous basis for as long as Customer is engaging HG Insights to provide Services. 

    Nature of the processing: 

    Purpose(s) of the data transfer and further processing: To provide the Services as described in the MSA and/or the Order Form. 

    The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: For so long as the exporter is engaging the importer for the provision of Services. 

    For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing: The sub-processors provide support to importer to perform the Services. See Schedule C for additional detail.

    C.  COMPETENT SUPERVISORY AUTHORITY

    MODULE TWO: Transfer controller to processor

    Identify the competent supervisory authority/ies in accordance with Clause 13:

    The parties shall follow the rules for identifying such authority under Clause 13 and, to the extent legally permissible, select the Irish Data Protection Commission.

    ANNEX II – TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

    Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.

    See Schedule B immediately below.

Schedule B to DPA

Information Security Addendum

HG Insights has established and agrees to maintain a written information security and privacy program (the “Information Security Program”) designed to comply with this Information Security Addendum and Applicable Law. Terms not defined herein have the meaning set forth in the DPA. As part of its program, HG Insights has implemented and agrees to maintain administrative, technical, and physical security safeguards designed to protect the confidentiality, integrity, and availability of Personal Data, including but not limited to:   
  • Administrative and Organizational Safeguards
    • HG Insights maintains policies and procedures for the security of Personal Data, including the following:
      • Written information security policies that set forth HG Insights’ procedures with regard to maintaining the safeguards set forth in this Information Security Addendum. 
      • Incident Response Plan, which sets forth HG Insights’ procedures to investigate, mitigate, remediate, and otherwise respond to security incidents.
    • HG Insights conducts regular assessments of the risks and vulnerabilities to the confidentiality and security of Personal Data.
    • HG Insights regularly tests and monitors the effectiveness of its Information Security Program, including through security audits, and will evaluate its Information Security Program and information security safeguards in light of the results of the testing and monitoring and any material changes to its operations or business arrangements.
    • HG Insights has appointed a VP-level individual to oversee and manage its Information Security Program and has designated an Incident Response Team to address any Personal Data Breach.
    • HG Insights maintains role-based access restrictions for its systems, including restricting access to only those HG Insights employees that require access to perform the HG Insights Services or to facilitate the performance of such HG Insights Services, such as system administrators, consistent with the concepts of least privilege, need-to-know, and separation of duties.
    • HG Insights periodically reviews its access lists to ensure that access privileges have been appropriately provisioned and regularly reviews and terminates access privileges for HG Insights employees that no longer need such access.
    • HG Insights assigns unique usernames to authorized HG Insights employees and requires that HG Insights employees’ passwords satisfy minimum length and complexity requirements and be changed periodically.
    • HG Insights regularly provides training to employees, as relevant for their roles, on confidentiality and security.
    • HG Insights requires relevant HG Insights employees to acknowledge HG Insights’ Information Security Program annually. 
    • HG Insights has a policy in place to address violations of its Information Security Program.
  • Technical Security
    • HG Insights logs system activity—including authentication events, changes in authorization and access controls, and other system activities—and regularly reviews and audits such logs.
    • HG Insights maintains network security measures, including but not limited to firewalls, to segregate its internal networks from the internet, risk-based network segmentation, intrusion prevention or detection systems to alert Supplier to suspicious network activity, and anti-virus and malware protection software.
    • HG Insights has implemented workstation protection policies for its systems, including automatic logoff after a period of inactivity and locking the system after a defined number of incorrect authentication attempts. 
    • HG Insights requires multi-factor authentication on its systems for administrative users.
    • HG Insights conducts periodic vulnerability scans and assessments on all systems storing, processing, or transmitting Personal Data to identify potential vulnerabilities and risks to Personal Data. 
    • HG Insights remediates identified vulnerabilities in a risk-prioritized and timely manner, including timely implementation of all high-risk mitigating manufacturer- and developer-recommended security updates and patches to systems and software storing, transmitting, or otherwise Processing Personal Data.
  • Physical Security
    • HG Insights restricts access to its facilities, equipment, and devices to HG Insights employees with authorized access on a need-to-know basis. 
    • HG Insights tracks the location of its equipment, devices, and electronic media and maintains a record of such locations.
  • Incident Response
    • Consistent with its Incident Response Plan, HG Insights takes steps in the aftermath of any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data to investigate, mitigate, remediate, and otherwise respond to such security incident. HG Insights will inform Customer of a confirmed Personal Data Breach without undue delay and in any event within 48 hours of becoming aware. 
    • In the event that Customer is subject to a regulatory inquiry or threatened litigation relating to a security incident, HG Insights will provide Customer with reasonable assistance and support in responding to such investigation.
  • Subprocessors
    • HG Insights conducts diligence of prospective subprocessors to ensure that they are capable of meeting the security standards set forth in this Information Security Addendum and requires them to comply with terms that are substantially similar to those set forth in this Information Security Addendum.
  • Special Access Controls Within Subprocessor Systems
    • Box (operated by Box, Inc.) is the only HG Insights-approved means of transmission and sharing of Customer Lists.
    • Box provides secure file transmission and storage by using encryption on files in transit as well as at rest.
    • Customer is provided a unique collaborative folder, created by HG Insights, which may only be accessed by Customer-designated personnel, the Customer’s designated HG Insights Customer Success Manager (CSM), HG Insights Customer Success management staff, and the designated HG Insights Box Administrator.
    • HG Insights maintains a hierarchical folder structure and associated access controls on a per-product basis that ensures “need-to-have” access to Customer Lists.
    • Prior to Campaign execution, Customer Lists are securely loaded into Ortto, which secures file transmission and storage by using encryption of data in transit and at rest.
    • Customer Lists reside in Ortto as separate digital assets and are not co-mingled or shared between HG Insights Customers.
    • HG Insights maintains “need-to-have” access to the Ortto  system and associated Customer List data.
  • Auditing Within Subprocessor Systems
    • Designated HG Insights. personnel with appropriate access rights have access to relevant activity and audit data made available by each Subprocessor for the purpose of monitoring and auditing actions taken within such Subprocessor’s systems in connection with the Services
  • Disaster Recovery Within Subprocessor Systems
    • HG Insights. engages only Subprocessors that maintain industry‑standard backup, business continuity, and disaster recovery controls designed to protect the availability and integrity of Customer Data processed in their environments. In the event Customer Data is accidentally deleted or otherwise lost within a Subprocessor’s environment, recovery of such data will be performed in accordance with those controls and the Subprocessor’s native restoration capabilities.
  • Special Monitoring Mechanisms for Subprocessor Systems
    • HG Insights. implements reasonable monitoring and alerting mechanisms within Subprocessors’ systems, where such functionality is made available, which may include event or activity notifications (for example, upon upload, download, modification, or deletion of Customer Data) and periodic review of relevant access and activity logs. In addition, where applicable, workflows such as outbound campaigns or similar activities initiated through a Subprocessor’s system are subject to HG Insights.’s internal review and approval processes and are monitored on an ongoing basis to help detect unauthorized or anomalous activity.

Schedule C to DPA

Subprocessor List

    • MotherDuck (USA)
    • PredictLead (USA)

  • Data Enrichment
  • Datadog (USA)
  • LangSmith (USA)
    • LLM performance monitoring.
    • support@langchain.dev
    • 2660 3rd Street Apartment 629, San Francisco CA 94107 US 

  • OpenAI (USA)
  • Anthropic (USA)
     AI safety & research (Claude models)
     privacy@anthropic.com (generic inbox; official address not publicly disclosed)
    367 Pine Street, 6th Floor, San Francisco, CA 94104

  • Box, Inc.
    • Secure sharing of Customer Lists from Customer to HG Insights
    • privacy@box.com
    • 900 Jefferson Avenue, Redwood City, California 94063, United States

  • Validity, Inc., d/b/a “BriteVerify”
    • Validation of email addresses on Customer Lists prior to execution of Campaigns
    • 200 Clarendon Street, 22nd Floor, Boston, Massachusetts 02116, United States
    • privacy@validity.com 

  • Ortto Inc.
    • Storage of Customer Lists, execution of Campaigns, and tracking and filtering of unsubscribes and bounced email addresses
    • 1390 Market Street Suite 200, San Francisco CA 94102, United States
    • privacy@orttoapp.com

  • Zendesk (USA)
    • Customer support & service platform with AI integrations (ticketing, automation, chatbots, analytics)
    • 1019 Market St #600, San Francisco, CA 94103
    • privacy@zendesk.com

  • FullStory, Inc.
    • Usage information is recorded to assist with enhancing the user experience of HG products and services. This is also used to help troubleshoot customer issues as well as investigate server errors.
    • privacy@fullstory.com 
    • 1745 Peachtree St NE, Ste N, Atlanta, Georgia 30309, United States

  • Okta, Inc.
    • Manage and secure user authentication for access to HG products and services.
    • privacy@okta.com
    • 100 1st Street, 6th Floor, San Francisco, California 94105, United States

  • Pendo.io
    • Product engagement assistance based on user actions as well as proactive messaging and user education.
    • gdpr@pendo.io
    • 301 Hillsborough St, Suite 1900, Raleigh, NC 27603, United States

  • Segment.io, Inc.
    • Troubleshoot client-side incidents & uncover performance problems.
    • privacy@twilio.com 
    • 375 Beale Street, Suite 300, San Francisco, CA 94105, United States 

  • Snowflake, Inc.
    • Data warehouse that contains HG Insights’ source data supporting our products (MRD repository).
    • privacy@snowflake.com 
    • Suite 3A, 106 East Babcock Street, Bozeman, Montana 59715, United States 

  • FullEnrich Corp
    • Provide waterfall B2B contact enrichment (emails and phone numbers) for sales and marketing prospect outreach.
    • support@fullenrich.com
    • 28 Geary St, STE 650, Suite #346, San Francisco, CA 94108, United States FullEnrich

  • LoneScale
    • Provide B2B contact enrichment, job change tracking, and signal-based contact data sourcing to support sales prospecting and CRM data hygiene.
    • 6, rue des bateliers – 92110 Clichy, France