Legal
Data Processing Agreement
Last updated: June 23, 2026
This Data Processing Agreement (or “DPA”) sets forth the terms and conditions relating to Processing of Personal Information by PinPoint Verify LLC (“PinPoint Verify”, “us”, or “we”) in the course of providing the Services to you as a B2B Customer (“B2B Customer” or “you”). This DPA is governed by and part of your written and executed agreement with PinPoint Verify for use of the SaaS Product (the “Agreement”). All references to the Agreement herein shall include this DPA. By executing the Agreement, the Parties also execute this DPA.
Questions? Contact us at support@pinpointverify.com.
1. Data Processing Terms
The terms listed in this section shall have the meanings given below. All capitalized terms not defined in this DPA have the meanings set forth in the Agreement.
1.1 “B2B Customer Data” means any electronic data or information submitted by or on behalf of B2B Customer, including but not limited to data input to the SaaS Product by an End Applicant of B2B Customer’s website or other platform (“User”), to the Services.
1.2 “Consumer” means an identified or identifiable natural person subject to protections under Privacy Laws.
1.3 “Controller” means the entity that determines the means and purposes of the Processing of Personal Information, including a "Business" as that term is defined by the CCPA.
1.4 “Data Incident” means the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Information included in B2B Customer Data that is Processed by PinPoint Verify or its Sub-processors.
1.5 “Instructions” means written, documented instructions issued by B2B Customer to PinPoint Verify to perform a specific or general action regarding Personal Information for the purpose of providing the Services to B2B Customer pursuant to the Agreement.
1.6 “Personal Information” means any information contained in B2B Customer Data that is protected under applicable Privacy Laws, such as information describing or relating to: (i) an identified or identifiable natural person or household or (ii) an identified or identifiable legal entity where such information is protected as Personal Information or personally identifiable information under applicable Privacy Laws.
1.7 “Privacy Laws” means the federal and state laws of the United States governing consumer privacy and data protection, including without limitation the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., and its implementing regulations (“CCPA”) or consumer privacy and data protection law of other U.S. states, such as the consumer privacy law(s) of Connecticut, Colorado, Iowa, Nevada, Oregon, Tennessee, Texas, Virginia, and other states, each as enacted or amended from time to time.
1.8 “Processing” means any operation or set of operations which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.9 “Processor” means the party that Processes Personal Information on behalf of the Controller, including any "Service Provider" as that term is defined by the CCPA.
1.10 “Security Measures” means the technical and organizational measures employed by PinPoint Verify to secure Personal Information on PinPoint Verify information systems.
1.11 “Sell” means the disclosure or transfer of Personal Information to a third party for monetary or other valuable consideration as provided under the CCPA.
1.12 “Share” means disclosure of Personal Information to a third party for cross-contextual behavioral advertising, regardless of whether money is exchanged, as provided under the CCPA.
1.13 “Sub-processor” means a Processor engaged by PinPoint Verify to Process Personal Information contained in B2B Customer Data.
2. Processing Personal Information
2.1 Applicability of this DPA. This DPA applies to Processing of Personal Information by PinPoint Verify in relation to PinPoint Verify’s provision of the Services to B2B Customer. The parties agree to comply with the terms and conditions in this DPA in connection with Processing of Personal Information under the Agreement.
2.2 Roles of the Parties. The parties acknowledge and agree that, with regard to the Processing of Personal Information pursuant to the Agreement, B2B Customer is the Controller and PinPoint Verify is the Processor. For clarity, this DPA (a) only applies to Processing of Personal Information by PinPoint Verify as a Processor to B2B Customer and (b) does not apply to PinPoint Verify’s activities as a Controller, such as the operation of our marketing website.
2.3 Duration. PinPoint Verify shall process Personal Information throughout the term of the Agreement and any renewal term thereof. Upon termination of the Agreement by either party, PinPoint Verify shall cease processing Personal Information on B2B Customer’s behalf upon completion of the termination provisions described herein.
2.4 Nature, Purpose, and Subject Matter of the Processing. PinPoint Verify shall only Process Personal Information under this DPA for the purpose of providing the Services to B2B Customer pursuant to the Agreement and in compliance with B2B Customer’s Instructions. The nature, purpose, and subject matter of PinPoint Verify’s Processing of Personal Information under this DPA are described in and governed by the Agreement. In providing the Services, PinPoint Verify may process End Applicant Personal Information as described in PinPoint Verify’s Privacy Policy (available at https://pinpointverify.com/privacy), including but not limited to identifiers (name, email address, mailing address), employment history (former, current, or prospective employers), commercial history (e.g., verifications ordered), internet and similar activity, and sensitive Personal Information that may be included on notarized documents. All Processing of Personal Information via the Services is determined solely by B2B Customer and according to B2B Customer’s privacy practices.
2.5 Processing by PinPoint Verify. B2B Customer hereby appoints PinPoint Verify to Process the Personal Information contained in B2B Customer Data on behalf of B2B Customer as necessary for PinPoint Verify to provide the Services under the Agreement. All Personal Information Processed under the Agreement will be stored, organized, and made available to B2B Customer as the Controller per B2B Customer’s Instructions via the Services. PinPoint Verify shall treat Personal Information as confidential information. If PinPoint Verify is required by applicable law to disclose B2B Customer Data for a purpose unrelated to the Agreement, PinPoint Verify will first inform B2B Customer of the legal requirement and give B2B Customer an opportunity to object or challenge the requirement, unless the law prohibits such notice. Notwithstanding the foregoing, PinPoint Verify shall have the right to collect and use Personal Information contained in B2B Customer Data to investigate any use of the Service that is unlawful or violates the Agreement, provide and develop the Services, respond to legal actions, or for administrative purposes such as accounting and compliance.
2.6 Instructions. B2B Customer hereby instructs PinPoint Verify to Process Personal Information contained in B2B Customer Data as needed to provide the Services to B2B Customer and to further Process User physical address and related data as needed for PinPoint Verify to provide, maintain, update, and improve the Services or other products or services that may be offered by PinPoint Verify. The parties agree that the Agreement, together with B2B Customer’s use of the Services in accordance with the Agreement, and other written Instructions from B2B Customer to PinPoint Verify (email to suffice) shall constitute B2B Customer’s complete and final Instructions to PinPoint Verify in relation to the Processing of B2B Customer Data. If PinPoint Verify determines that Instructions are outside the scope of the Agreement, PinPoint Verify may charge additional fees and/or require a written agreement between PinPoint Verify and B2B Customer to perform such Instructions. PinPoint Verify shall inform B2B Customer without delay if, in PinPoint Verify’s opinion, an Instruction violates applicable Privacy Laws or PinPoint Verify is unable to follow an Instruction and, where necessary, cease all Processing until B2B Customer issues new Instructions with which PinPoint Verify is able to comply. Notwithstanding any provision to the contrary, B2B Customer is solely responsible for the legality, outcome, and results of any and all Instructions and PinPoint Verify shall have no liability whatsoever related to its performance of the Agreement according to any B2B Customer Instructions.
2.7 B2B Customer Obligations. B2B Customer shall, in B2B Customer’s use of the Services, Process Personal Information in accordance with the requirements of all applicable Privacy Laws, including without limitation requirements to provide notice to Consumers of the use of PinPoint Verify as Processor, and PinPoint Verify policies and documentation, as applicable. B2B Customer is solely responsible for the accuracy, quality, and legality of the Personal Information and the means by which B2B Customer acquires the Personal Information. B2B Customer represents and warrants that it has established a lawful basis to Process Personal Information, its use of the Services will not violate the rights of any Consumer, and it has the right to transfer or provide access to the Personal Information to PinPoint Verify for Processing under the Agreement. B2B Customer shall inform PinPoint Verify without undue delay if B2B Customer is not able to comply with B2B Customer’s obligations under this DPA or any applicable Privacy Laws. For the avoidance of doubt, PinPoint Verify is not responsible for compliance with any Privacy Laws applicable to B2B Customer or B2B Customer’s industry that are not generally applicable to PinPoint Verify.
2.8 Limitations. PinPoint Verify shall not (i) sell Personal Information; (ii) share Personal Information with third parties for cross-contextual behavioral advertising purposes; (iii) retain, use, or disclose Personal Information for a commercial purpose except as permitted by the Agreement or as otherwise permitted by Privacy Laws; or (iv) retain, use, or disclose Personal Information outside of its direct business relationship with B2B Customer. PinPoint Verify certifies that it understands and will comply with the restrictions of this Section 2.8.
2.9 No Sale or Sharing Between Parties. The parties agree that B2B Customer does not Sell or Share (each as defined in the CCPA) Personal Information to PinPoint Verify because, as a Service Provider to B2B Customer, PinPoint Verify may only use Personal Information as Instructed by B2B Customer.
3. Consumer Privacy Rights
PinPoint Verify shall, to the extent legally permitted, promptly notify B2B Customer if PinPoint Verify receives a request from a Consumer to exercise the Consumer's right under applicable Privacy Laws relating to B2B Customer Data, each such request being a “Consumer Request”. Taking into account the nature of the Processing, if B2B Customer is unable to independently address a Consumer Request, PinPoint Verify will reasonably assist B2B Customer by appropriate technical and organizational measures, insofar as this is possible and to the extent PinPoint Verify is legally permitted to do so, for the fulfillment of B2B Customer’s obligation to respond to a Consumer Request under Privacy Laws. B2B Customer shall be legally responsible for responding substantively to any such Consumer Requests or communications involving Personal Information and for all costs associated with the same.
4. PinPoint Verify Personnel
PinPoint Verify shall (i) ensure that access to Personal Information is limited to those PinPoint Verify personnel who are necessary to provide the Services and (ii) take commercially reasonable steps to ensure the reliability of any PinPoint Verify personnel engaged in the processing of Personal Information. Additionally, PinPoint Verify shall ensure that its personnel engaged in the Processing of Personal Information are informed of the confidential nature of the Personal Information, have received appropriate training on their responsibilities and have executed written confidentiality agreements.
5. Sub-Processors
B2B Customer acknowledges and agrees that PinPoint Verify may engage Sub-processors in connection with the provision of the Services. PinPoint Verify has entered into a written agreement with each Sub-processor containing data protection obligations not less protective than those in this Agreement with respect to the protection of B2B Customer Data to the extent applicable to the nature of the Services provided by such Sub-processor. PinPoint Verify shall be liable for the acts and omissions of its Sub-processors to the same extent PinPoint Verify would be liable if performing the Services of each Sub-processor directly under the terms of this DPA, except as otherwise set forth in the Agreement. PinPoint Verify will make a current list of Sub-processors available to B2B Customer upon request. B2B Customer may object to a new or replacement Sub-processor to the extent permitted by Privacy Laws by emailing support@pinpointverify.com.
6. Data Security
6.1 Security Measures. PinPoint Verify shall maintain appropriate technical and organizational measures for protection of the security, confidentiality, and integrity of B2B Customer Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. B2B Customer is solely responsible for (i) determining whether the Services meet B2B Customer’s security standards and support B2B Customer’s obligations under Privacy Laws and (ii) the secure use of PinPoint Verify’s Services by B2B Customer, including but not limited to ensuring that B2B Customer does not misuse Personal Information or take action resulting in a Data Incident.
6.2 Data Incidents. PinPoint Verify shall notify B2B Customer without undue delay after becoming aware of a Data Incident occurring on PinPoint Verify’s or its Sub-processors’ information systems. PinPoint Verify shall make reasonable efforts to identify the cause of the Data Incident and take such steps as PinPoint Verify deems necessary and reasonable to remediate the cause of the Data Incident to the extent the remediation is within PinPoint Verify's control. At B2B Customer’s request, and to the extent PinPoint Verify is required to do so under applicable Privacy Laws, PinPoint Verify will promptly provide B2B Customer with commercially reasonable assistance as necessary to enable B2B Customer to meet B2B Customer’s obligations under applicable Privacy Laws to notify authorities and/or affected Consumers. The obligations herein shall not apply to incidents that are caused by B2B Customer or its End Applicants or end users or any security incident unrelated to B2B Customer Data.
7. Access & Audits
7.1 Impact Assessment. Upon B2B Customer’s request, PinPoint Verify will provide B2B Customer with reasonable cooperation and assistance needed to fulfill B2B Customer’s obligation under Privacy Laws to carry out a data protection impact assessment related to B2B Customer’s use of the Services, to the extent B2B Customer does not otherwise have access to the relevant information, and to the extent such information is available to PinPoint Verify.
7.2 Government Access Requests. If PinPoint Verify receives a legally binding request from a government agency to access B2B Customer Data, PinPoint Verify shall, unless otherwise legally prohibited, promptly notify B2B Customer including a summary of the nature of the request. To the extent PinPoint Verify is prohibited by law from providing such notification, PinPoint Verify shall use commercially reasonable efforts to obtain a waiver of the prohibition to enable PinPoint Verify to communicate as much information as possible, as soon as possible. Further, PinPoint Verify shall challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful. When challenging a request, PinPoint Verify shall not disclose the B2B Customer Data requested until required to do so under the applicable procedural rules. PinPoint Verify agrees it will provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request. PinPoint Verify shall promptly notify B2B Customer if PinPoint Verify becomes aware of any direct access by a government agency to B2B Customer Data and provide information available to PinPoint Verify in this respect, to the extent permitted by law. For the avoidance of doubt, this DPA shall not require PinPoint Verify to pursue action or inaction that could result in civil or criminal penalties for PinPoint Verify. PinPoint Verify shall ensure that Sub-processors involved in the Processing of B2B Customer Data are subject to the relevant commitments under this DPA regarding government access requests.
7.3 Audit Rights. Subject to the confidentiality obligations set forth in the Agreement, upon B2B Customer’s written request and at reasonable intervals and B2B Customer’s sole expense, PinPoint Verify shall make available to B2B Customer or B2B Customer’s agent on a confidential basis a copy of PinPoint Verify’s most recent third-party audits or security documentation demonstrating PinPoint Verify’s compliance with the obligations set forth in this DPA. Such third-party audits or certifications may also be shared with B2B Customer’s competent Supervisory Authority on its request. Any audit conducted under this Section 7.3 shall be conducted by B2B Customer: (i) acting reasonably, in good faith, and in a proportional manner, taking into account the nature and complexity of the Services used by B2B Customer; (ii) up to one time per year with at least three (3) weeks’ advance written notice; and (iii) during PinPoint Verify’s normal business hours, for a reasonable duration and shall not unreasonably interfere with PinPoint Verify’s day-to-day operations. If an emergency justifies a shorter notice period than provided in (ii), PinPoint Verify will use good faith efforts to accommodate the audit request.
8. Termination
This DPA will automatically terminate upon expiration or termination of the Agreement. PinPoint Verify will return, destroy, or render anonymous all such Personal Information in accordance with B2B Customer’s reasonable written Instructions submitted to PinPoint Verify within 30 days of termination or expiration of the Agreement, subject to the limitations described in the Agreement. The requirements of this Section 8 do not apply to the extent that PinPoint Verify is required by applicable law to retain some or all of B2B Customer Data, or to B2B Customer Data that is archived on back-up systems, which data PinPoint Verify shall securely isolate and protect from any further Processing and delete in accordance with PinPoint Verify’s deletion practices.
9. General Terms
If and to the extent language in this DPA conflicts with the Agreement, this DPA shall control. This DPA forms part of the Agreement and all activities under this DPA remain subject to the applicable limitations of liability set forth in the Agreement. For the avoidance of doubt, PinPoint Verify’s total liability for all claims from B2B Customer arising out of or related to the Agreement and this DPA shall apply in the aggregate for all claims under both the Agreement and this DPA, including by B2B Customer, and, in particular, shall not be understood to apply separately or severally to B2B Customer as a contractual party to any such DPA. Additionally, B2B Customer agrees that any regulatory fines or penalties incurred by B2B Customer in relation to the B2B Customer Data that arise as a result of, or in connection with, B2B Customer's failure to comply with its obligations under this DPA or any applicable Privacy Laws shall count toward and reduce PinPoint Verify's liability under the Agreement as if it were liability to B2B Customer under the Agreement. This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless otherwise required by applicable Privacy Laws.