Data Processing Addendum

Effective Date: 13 December 2025
Last Updated: 13 December 2025

This Data Processing Addendum ("DPA") forms part of the Terms of Service or any other agreement governing the use of Ollo CRM (the “Agreement”), between:

Customer (“Controller”, “you”) and

Pineapple Connect LLC, a Wyoming limited liability company, operating under the brand Ollo CRM (“Processor”, “we”, “us”, or “our”).

This DPA applies when you use the Ollo CRM platform to process Personal Data protected under:

• The EU General Data Protection Regulation (EU GDPR)

• The UK General Data Protection Regulation (UK GDPR)

• The California Consumer Privacy Act (CCPA), as amended by the CPRA

• Other applicable data protection laws (collectively, the "Data Protection Laws")

1. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person.

• Controller: The party that determines the purposes and means of processing Personal Data.

• Processor: The party that processes Personal Data on behalf of the Controller.

• Data Subject: The individual whose personal data is processed.

• Sub-Processor: A third party engaged by the Processor to process Personal Data.

• Applicable Law: All relevant data protection and privacy laws.

2. Scope and Roles

• You, the Customer, act as the Data Controller.

• Pineapple Connect LLC acts as the Data Processor, or in some cases a Sub-Processor where GoHighLevel is the primary processor.

• This DPA applies to all processing of Personal Data conducted via the Ollo CRM platform.

3. Nature and Purpose of Processing

The Processor will process Personal Data solely for the following purposes:

• Providing and maintaining the Ollo CRM platform

• Facilitating communications (email, SMS, etc.)

• Managing contact and customer records

• Supporting customer marketing and sales operations

• Complying with legal obligations

The processing is carried out on behalf of the Controller for the duration of the Customer's subscription to the Service.

4. Types of Personal Data

The Personal Data processed may include, but is not limited to:

• Contact names

• Email addresses

• Phone numbers

• Communication logs

• Business or client information uploaded by the Controller

• CRM-related metadata

The categories of Data Subjects include your customers, leads, prospects, employees, contractors, and other individuals whose data is entered into the system.

5. Processor Obligations

We agree to:

• Process Personal Data only on documented instructions from you

• Ensure that personnel authorized to process data are subject to confidentiality

• Implement appropriate technical and organizational security measures

• Assist you in responding to Data Subject requests (e.g., access, deletion)

• Assist with security incident responses and regulatory compliance

• Delete or return Personal Data upon termination of the service (unless otherwise required by law)

6. Sub-Processing

You authorize us to use Sub-Processors to support our service delivery. A list of current Sub-Processors is available upon request and includes:

• GoHighLevel LLC – platform infrastructure and database hosting

• Twilio, SendGrid, Mailgun, etc. – communication service providers

• Stripe or other payment processors – billing and payments

• Other service providers as necessary for platform functionality

We will:

• Ensure all Sub-Processors are contractually bound by obligations no less protective than those in this DPA

• Notify you of any changes to Sub-Processors (you may object on reasonable grounds)

7. International Data Transfers

We may transfer and process Personal Data outside of your jurisdiction, including to the United States.

Where such transfers occur:

• We will use lawful mechanisms such as Standard Contractual Clauses (SCCs) or ensure the recipient is in a country with an adequacy decision

• UK transfers will comply with the UK Addendum to the SCCs

• CCPA-covered data transfers will be subject to relevant contractual safeguards

8. Security Measures

We have implemented and maintain appropriate technical and organizational measures, including:

• Data encryption (in transit and at rest)

• Role-based access controls and authentication

• Regular vulnerability assessments

• Backup and disaster recovery systems

• Secure cloud infrastructure via GoHighLevel and their partners

9. Data Subject Requests

We will:

• Promptly notify you if we receive a Data Subject request directly

• Not respond to such requests without your written instructions

• Provide reasonable assistance in responding to access, correction, deletion, or portability requests

10. Data Breach Notification

In the event of a confirmed Personal Data Breach, we will:

• Notify you without undue delay

• Provide available details about the breach

• Cooperate in the investigation, mitigation, and any regulatory reporting

11. Audit and Compliance

Upon written request, we will:

• Provide information necessary to demonstrate compliance with this DPA

• Allow for audits or inspections (subject to reasonable notice, limits, and confidentiality agreements)

12. CCPA/CPRA Compliance (California Residents)

For the purposes of the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• We are a Service Provider or Contractor.

• We will not:

  • Sell or share your Personal Data

  • Retain, use, or disclose Personal Data for any purpose other than providing the services

  • Combine Personal Data with other data unless permitted by law

13. Return or Deletion of Data

Upon termination of your Ollo CRM account, we will:

• Delete or return all Personal Data to you, unless retention is required by law

• Ensure any Sub-Processors do the same

14. Term and Termination

This DPA remains in effect for as long as we process Personal Data on your behalf, including after the termination of your subscription for necessary data retention periods.

15. Conflict with Main Agreement

In the event of a conflict between this DPA and any other agreement between the parties (e.g., Terms of Service), this DPA shall control regarding data protection matters.

16. Contact Information

Pineapple Connect LLC
Registered in Wyoming, USA
Email: [email protected]

17. Signatures

You may accept this DPA by continuing to use Ollo CRM in a jurisdiction where data protection laws apply. If you require a signed version for legal or regulatory purposes, please contact [email protected].