Data Processing Agreement (DPA)
Last Updated: May 13, 2026
This DPA is entered into by Gary Vogt ("Processor") and the Customer ("Controller") to define the ephemeral processing of data within the Easy A2P application.
1. Zero-Storage Declaration
1.1. Non-Retention Policy: Processor operates on a "Zero-Persistence" model. Personal Data input into the Easy A2P application—including message samples, contact details, and GHL sub-account data—is processed strictly in-session.
1.2. No Data At Rest: Processor does not store, archive, or maintain databases containing Personal Information. Once the browser session is terminated or the A2P package is generated, all underlying Personal Data is purged from volatile memory.
2. Regulatory Alignment & TCPA
2.1. Scope: This agreement covers compliance with GDPR, CCPA, and the Telephone Consumer Protection Act (TCPA).
2.2. Intent: Processing is limited to scanning for compliance markers (e.g., opt-out language, sender identification) to facilitate A2P 10DLC registration.
3. Data Sovereignty & Intellectual Property
3.1. Controller Ownership: The Controller retains 100% ownership of any data passed through the application.
3.2. Processor IP: All proprietary scanning logic, AI prompt frameworks, and GoHighLevel "Snapshots" provided by Gary Vogt Consulting remain the exclusive Intellectual Property of the Processor.
4. Liability Shield (The "Veto" Clauses)
4.1. Third-Party Platform Actions: Processor is not liable for any account suspensions or "Platform Bans" (e.g., GMB, Twilio, or GoHighLevel) resulting from the Controller's messaging activities.
4.2. Carrier Filtering: Despite compliance scanning, Processor does not guarantee message delivery. Liability for "Carrier Filtering" or blocked campaigns is explicitly disclaimed.
4.3. Lost Revenue: Under no circumstances shall Processor be liable for indirect, incidental, or "Lost Revenue" damages.
5. Sub-processors (Transient Processing)
Controller acknowledges that data is transmitted to the following entities for real-time analysis only:
| Sub-processor | Purpose | Location |
|---|---|---|
| Railway | Application hosting | United States |
| Supabase | Database, authentication | United States |
| Stripe, Inc. | Payment processing | United States |
| Resend | Transactional email | United States |
| HighLevel, Inc. (GoHighLevel) | CRM/marketing platform integration | United States |
| Google LLC (Analytics 4) | Usage analytics | United States |
| Anthropic, PBC | AI compliance scanning (if message content is sent to Claude API) | United States |
6. Security Measures
Processor employs TLS 1.2+ encryption for all data in transit. Because no data is stored "at rest," the risk of a traditional data breach is minimized; however, Processor maintains internal SOPs for session security and API key management.
Contact
For data protection inquiries:
- Gary Vogt
- Address: 6173 Stoffer Way, Orangevale, California, 95662
- Phone: (888) 996-4227
- Email: [email protected]