← Back to omniscientpartners.com

Data Processing Agreement

Omniscient Partners · Template v1.0 · April 2026 · GDPR & CCPA Aligned

This Data Processing Agreement ("DPA") supplements the Master Service Agreement ("MSA") between:

Omniscient Partners ("Processor"), a sole proprietorship operated by Pranith Akula, San Francisco, California; and

___________________________ ("Controller"), the entity identified as "Client" in the MSA.

This DPA is effective as of the Effective Date of the MSA and governs the processing of Personal Data by Processor on behalf of Controller.

1. Definitions

  1. "Personal Data" means any information relating to an identified or identifiable natural person contained in the data export provided by Controller, including but not limited to: contact names, email addresses, phone numbers, job titles, and company associations.
  2. "Processing" means any operation performed on Personal Data, including collection, storage, enrichment, analysis, and deletion.
  3. "Sub-Processor" means a third-party service engaged by Processor to assist in the processing of Personal Data.
  4. "Applicable Data Protection Law" means the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and any other applicable privacy legislation.

2. Scope of Processing

  1. Purpose. Processor will process Personal Data solely for the purpose of performing the pipeline reactivation audit services described in the MSA.
  2. Data Subjects. The Personal Data relates to business contacts associated with Controller's closed-lost sales opportunities — typically sales prospects, decision-makers, and account owners at third-party companies.
  3. Categories of Data. Contact name, business email, business phone, job title, company name, company domain, CRM deal metadata (deal stage, close date, loss reason, ACV).
  4. Duration. Processing begins upon receipt of Controller's data export and ceases upon the earlier of (a) completion of the engagement or (b) thirty (30) calendar days from the Effective Date.

3. Processor Obligations

  1. Lawful Basis. Processor will process Personal Data only on documented instructions from Controller (the MSA and this DPA constitute such instructions) and in compliance with Applicable Data Protection Law.
  2. Confidentiality. All personnel with access to Personal Data are bound by confidentiality obligations. As a sole proprietorship, the only individual with access is Pranith Akula (Founder).
  3. Security Measures. Processor implements the following technical and organizational measures:
    • Data processed on a locally-operated, encrypted machine — not uploaded to cloud storage
    • No CRM connectors, OAuth integrations, or persistent API access to Controller's systems
    • Full-disk encryption (AES-256) on the processing machine
    • All API calls to Sub-Processors encrypted via TLS 1.2+
    • Automated data purge at day 30
  4. Data Breach Notification. In the event of a Personal Data breach, Processor will notify Controller without undue delay and no later than seventy-two (72) hours after becoming aware of the breach. Notification will include the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken to mitigate.
  5. Deletion. Upon completion of the engagement or upon Controller's written request, Processor will permanently delete all Personal Data within five (5) business days and provide written confirmation of deletion upon request.

4. Sub-Processors

Controller authorizes Processor to engage the following Sub-Processors. Processor will notify Controller in writing before adding or replacing any Sub-Processor.

Sub-Processor Purpose Data Shared Location
Anthropic (Claude) AI analysis: scoring, trigger classification, repitch angle generation Company name, deal metadata (no direct PII sent) United States
Apollo.io Contact resolution: current DM name, title, email verification Company name, domain United States
Proxycurl (Nubela) Headcount trajectory, leadership change detection Company name, LinkedIn URL Singapore / United States
PredictLeads Job posting intent signals Company name, domain United States

Processor ensures that each Sub-Processor is bound by data protection obligations no less protective than those set out in this DPA.

5. Controller Rights

  1. Access & Audit. Controller may request information regarding Processor's processing activities and compliance with this DPA. Processor will make available all information reasonably necessary to demonstrate compliance.
  2. Data Subject Requests. Processor will assist Controller in responding to data subject requests (access, rectification, erasure, portability, objection) to the extent technically feasible, within ten (10) business days.
  3. Impact Assessments. Processor will provide reasonable assistance to Controller in conducting data protection impact assessments as required under Applicable Data Protection Law.

6. International Transfers

Personal Data is processed within the United States. If any Sub-Processor processes data outside the United States or the European Economic Area, Processor will ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by GDPR.

7. Term & Termination

This DPA is coterminous with the MSA. Upon termination or expiration of the MSA, Processor's data deletion obligations under Section 3.5 survive and will be fulfilled within five (5) business days.

8. Liability

Processor's liability under this DPA is subject to the limitation of liability provisions in the MSA. Each party is responsible for its own compliance with Applicable Data Protection Law.

Processor

Omniscient Partners

Name: Pranith Akula
Title: Founder
Signature
Date
Controller

___________________________

Name: ___________________________
Title: ___________________________
Signature
Date

Omniscient Partners · San Francisco, CA · hi@omniscientpartners.com

This template is provided for informational purposes. Controller is encouraged to have this DPA reviewed by legal counsel prior to execution.