Data Processing Agreement

Last updated: September 17, 2025

Data Processing Overview

This Data Processing Agreement (DPA) outlines how Pitchers processes personal data on behalf of our customers in accordance with applicable data protection laws, including GDPR and other regional privacy regulations.

Data Controller: You (our customer) remain the data controller for personal data you provide to us.

Types of Data We Process

We process the following categories of personal data:

Account Information

  • • Email addresses
  • • Names and contact details
  • • Account preferences
  • • Authentication data

Business Data

  • • Company information
  • • Business contact details
  • • Industry classifications
  • • Geographic data

Scraped Data

  • • Public business listings
  • • Contact information
  • • Website URLs
  • • Social media profiles

Usage Data

  • • API usage statistics
  • • Service performance data
  • • Error logs
  • • System metrics

Processing Purposes

We process personal data for the following purposes:

Service Delivery

Providing data scraping and business intelligence services

Account Management

Managing user accounts, authentication, and preferences

Payment Processing

Processing payments and managing billing information

Service Improvement

Analyzing usage patterns to improve our services

Legal Compliance

Complying with legal obligations and regulatory requirements

Data Security Measures

We implement comprehensive security measures to protect personal data:

Technical Safeguards

  • End-to-end encryption (AES-256)
  • Secure data transmission (TLS 1.3)
  • Regular security updates
  • Intrusion detection systems
  • Automated backup systems

Administrative Safeguards

  • Access control policies
  • Regular staff training
  • Background checks for employees
  • Incident response procedures
  • Regular security audits

Data Retention

We retain personal data according to the following schedule:

Account DataWhile account is active
Scraped DataAs per customer instructions
Usage Logs2 years
Payment Records7 years
Support Communications3 years

Sub-processors

We may use trusted sub-processors to provide our services. All sub-processors are bound by similar data protection obligations:

Infrastructure

  • • Cloud hosting providers
  • • CDN services
  • • Database services

Services

  • • Payment processors
  • • Email services
  • • Analytics providers

Data Subject Rights

We support all data subject rights under applicable data protection laws. As a data processor, we will assist you (as data controller) in fulfilling data subject requests:

  • Right of access to personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

Data Breach Notification

In the event of a data breach affecting personal data, we will:

  • • Notify you within 24 hours of becoming aware of the breach
  • • Provide detailed information about the breach
  • • Assist in any required notifications to supervisory authorities
  • • Support affected data subjects as needed
  • • Implement measures to prevent future breaches

Contact Information

For questions about data processing or to exercise your rights:

Data Protection Officer: dpo@pitchers.com

Privacy Team: privacy@pitchers.com

Legal Team: legal@pitchers.com