Processing Scope

InstaChime processes lead and account data only to provide lead capture, routing, alerts, reporting, security, and support.

The subject matter is operation of the InstaChime lead-response service. The duration is the customer's active use of the service plus the retention and backup period described in the active agreement.

Customer Instructions

InstaChime processes customer data according to the product configuration, the active agreement, and documented customer instructions. Customers are responsible for the lawfulness of the data they submit and the destinations they configure.

Categories of Data

Processed data may include account users, administrators, sales representatives, prospects, leads, customers, and business contacts. Data fields may include names, business contact details, phone numbers, email addresses, company names, lead-source metadata, campaign data, form answers, routing details, alert logs, CRM delivery logs, and audit events.

Nature and Purpose

Processing includes collection, storage, organization, routing, notification, retrieval, transmission to configured destinations, logging, security monitoring, backup, deletion, and support actions needed to provide the service.

Confidentiality

Personnel and service providers with access to customer data should be subject to confidentiality obligations and access should be limited to the roles needed to provide and support the service.

Subprocessors

Resend is used for transactional email. Microsoft 365 is used for the admin mailbox. Google Analytics 4 and Microsoft Clarity are used for public-site analytics only after consent. Customers may add their own webhook, chat, spreadsheet, CRM, automation, SMS, WhatsApp, or voice destinations from the integrations UI.

Customer-configured destinations are chosen by the customer and may act as independent providers, processors, or controllers depending on the customer's contract with that destination.

Security Measures

Access controls, tenant scoping, audit logging, HTTPS, isolated services, encrypted MFA secrets, and backup procedures form the baseline security program.

Assistance and Incidents

InstaChime will provide reasonable assistance for customer data requests, security questions, and incident investigation using the information available in the service.

Customers should report suspected security incidents, unauthorized access, or misdirected integrations promptly so logs and delivery history can be reviewed.

Customer Controls

Organization owners can manage users, alert recipients, integrations, and content. Data export and deletion procedures should be handled through the active agreement.

Audits

Reasonable audit support may be provided through security documentation, product controls, logs, and written responses. Any deeper audit rights, notice periods, confidentiality requirements, or cost allocation should be stated in the active agreement.

International Transfers

Where transfer safeguards are required, the active agreement should identify the applicable transfer mechanism, such as standard contractual clauses or another lawful mechanism available to the parties.

Return and Deletion

Upon termination or verified request, customer data can be exported or deleted according to the active agreement, subject to backup lifecycle, security, legal, and audit requirements.

Related policies: Privacy Policy, Terms of Service, and Security.