Back to legal overview

Data Processing Agreement

Effective Date: 01-01-2023
Last Updated: 28-11-2025
Company: SEINō B.V., Randstad 22-15, 1316 BN Almere, The Netherlands
Contact: legal@seino.ai

This Data Processing Agreement (“DPA”) explains how SEINō handles and protects personal data when providing our analytics platform. It is part of every Service Agreement and applies whenever SEINō processes personal data on behalf of a customer.

By using the SEINō platform, you agree to this DPA.

1. Roles

  • You (the customer) act as the Data Controller.
  • SEINō B.V., Randstad 22-15, Almere, acts as the Data Processor.

Both parties follow the GDPR.

2. What data SEINō processes

SEINō only processes the personal data you send to us through your email platform integrations or API.

Examples include:

  • hashed email identifiers
  • email domains
  • campaign or event metadata
  • engagement signals (opens, clicks, sends, etc.)

Full details are listed in Annex 1.

We only use this data to provide you with analytics, reporting, dashboards, and platform functionality. We never sell, share, or repurpose customer data.

3. How SEINō processes your data

SEINō processes your data only under your instructions, which include:

  • your Service Agreement
  • your account settings
  • your integrations with email/CRM platforms
  • this DPA

SEINō only processes Customer Personal Data to provide the Service and does not use Customer Personal Data for its own purposes. SEINō may use anonymized or aggregated data, which cannot be linked to any individual or Customer, to maintain and improve the Service, develop new features, and produce statistical insights or benchmarks. Any such data will contain no Personal Data and no information that identifies the Customer or its end users.

4. Security

SEINō uses strict technical and organizational measures to keep your data safe. These follow GDPR Articles 28 and 32.

Key measures include:

  • encrypted storage
  • role-based access control
  • strong password rules and MFA
  • audit logging
  • separate customer data stores
  • restricted production access
  • secure subprocessor contracts

A full overview is included in Annex 2.

5. Data breaches

If SEINō becomes aware of a security incident that affects your personal data, we will notify you within 24 hours.

Our notification will include:

  • what happened
  • what type of data was involved
  • how many records were affected
  • potential risks
  • what we are doing to resolve it

We will also provide logs and supporting documentation upon request.

We do not contact regulators or your customers directly unless required by law.

A template of our breach notification format is included in Annex 3.

6. Confidentiality

Everyone at SEINō who handles personal data is bound by confidentiality obligations, either by contract or law.

We only give access to people or subprocessors who need it to provide the service.

We never share personal data with third parties without a legal basis.

7. Subprocessors

Like most SaaS providers, SEINō uses trusted subprocessors for hosting, monitoring, support, and automation.

We only work with subprocessors who:

  • operate in the EU
  • follow GDPR requirements
  • sign strict data protection agreements

See up-to-date list with subprocessors

8. Supporting with data subject rights

If a user asks us directly for access/deletion/portability of their data, we will promptly forward the request to you, usually within 24 hours.

We assist you where possible. If special effort is needed, we may charge reasonable costs.

9. Data storage location

SEINō processes all customer data exclusively within the European Economic Area (EEA).

If we ever need to process or store data outside the EEA, we will ask for your explicit consent and apply all required safeguards.

10. Audits & compliance checks

We will provide any information you reasonably need to verify we comply with this DPA.

You may request an audit. Audits:

  • must be reasonable in scope and timing
  • must respect SEINō’s security policies
  • may incur reasonable cost if we need to assist extensively

11. Liability

Liability is governed by the Service Agreement.
SEINō is responsible for:

  • properly performing the obligations in this DPA
  • complying with GDPR
  • damages resulting from our failures

12. Duration

This DPA applies for as long as SEINō processes personal data for you.

It ends automatically when your Service Agreement ends.

Some obligations, like confidentiality and deletion, continue afterwards.

13. Data retention, return & deletion

We keep your data only as long as your Service Agreement requires or as long as the law allows.

When your contract ends, you may choose:

  1. Return of data
  2. Deletion of data

SEINō will confirm deletion once completed.

If the law requires us to keep certain data (e.g., backups), we will stop processing it and delete it when legally permitted. Retention rules follow the SEINō Data Retention Policy unless you instruct otherwise.

14. Changes to this DPA

We may update this DPA if:

  • laws change
  • we improve our security
  • we add new features that affect data processing

We will always:

  • announce updates
  • ensure your rights are not weakened

15. Governing law & disputes

Dutch law applies to this DPA. Disputes are handled by the courts defined in your Service Agreement.

Annex 1 — Personal Data Categories

SEINō only processes the minimum amount of data needed to deliver analytics. Below is the full list of data categories that may be processed when you connect your email platform to SEINō.

Data we process by default:

  • Customer_ID from your email platform
  • Email address, stored only as a hashed value (used for deduplication, never stored in raw form)
  • Email domain, for example “gmail.com”
  • Campaign metadata, such as:
    • campaign ID
    • send date and time
    • campaign name
    • subject line
    • mailing type
    • preheader
    • webversion URL
  • Engagement events, such as:
    • sends
    • opens
    • clicks
    • bounces
    • unsubscribes
  • Optional fields you choose to send, depending on your integration settings (e.g. product data, segment names, tags)

Data we do NOT store

SEINō does not store or process the following subscriber data:

  • name
  • address
  • phone number
  • any other personal data not explicitly required for analytics

You remain fully in control of which fields are shared with SEINō through your platform integrations.

Annex 2 — Security Measures (Summary)

Technical measures:

  • MFA and strong password enforcement
  • Audit logs on user actions and login activity
  • Encrypted credentials
  • Segregated customer data
  • Secure cloud hosting (EU)

Organizational measures:

  • Access only for authorized employees
  • Admin role management
  • Ability to export user logs upon request

Annex 3 — Security Incident Reporting Template

We include the same structured report format so customers receive consistent information.

Use Cases
Features
Resources
Product
Join our newsletter
Subscribe
Thank you!
Your submission has been received!
Oops! Something went wrong while submitting the form.
Copyright © SEINō 2025