Oystercatcher
PlatformDataHow it worksPricingAbout
Sign inStart free trialTalk to sales→
← Legal

Data Processing Agreement

ARCHIVED VERSION. This document has been superseded and is preserved here for reference by users who accepted it. The current version is at /legal/dpa.

Last updated: rendered dynamically in the original (undated); superseded July 4, 2026

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Oystercatcher ("Processor") and the customer ("Controller") for the provision of services that involve the processing of personal data.

2. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on personal data.
  • "Data Subject" means the individual to whom personal data relates.
  • "Sub-processor" means any third party engaged by the Processor to process personal data.

3. Subject Matter and Duration

This DPA applies to the processing of personal data by the Processor on behalf of the Controller in connection with the provision of the Oystercatcher services. The duration of processing is aligned with the term of the service agreement.

4. Nature and Purpose of Processing

The Processor processes personal data for the following purposes:

  • Providing lead scoring and sales intelligence services
  • Account management and user authentication
  • Customer support and communication
  • Service improvement and analytics

5. Types of Personal Data

The following categories of personal data may be processed:

  • Contact information (name, email, phone number)
  • Professional information (job title, organization)
  • Account credentials
  • Usage data and activity logs

6. Categories of Data Subjects

  • Customer employees and authorized users
  • Customer contacts and prospects

7. Obligations of the Processor

The Processor shall:

  • Process personal data only on documented instructions from the Controller
  • Ensure that persons authorized to process personal data are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Assist the Controller in responding to data subject requests
  • Notify the Controller without undue delay of any personal data breach
  • Delete or return all personal data upon termination of services
  • Make available all information necessary to demonstrate compliance

8. Sub-processing

The Controller authorizes the Processor to engage sub-processors. A current list of sub-processors is available on request by contacting our team. The Processor shall provide at least 30 days' notice before engaging new sub-processors.

9. Security Measures

The Processor implements the following security measures:

  • Encryption of data at rest and in transit
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection
  • Incident response procedures

See our Security page for additional details.

10. Data Subject Rights

The Processor shall assist the Controller in responding to requests from data subjects to exercise their rights under applicable data protection laws.

11. Data Breach Notification

In the event of a personal data breach, the Processor shall notify the Controller without undue delay and in any event within 72 hours of becoming aware of the breach.

12. International Data Transfers

Where personal data is transferred outside the European Economic Area, the Processor ensures adequate safeguards through Standard Contractual Clauses or other approved mechanisms.

13. Audit Rights

The Processor shall allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.

14. Return or Deletion of Data

Upon termination of services, the Processor shall delete or return all personal data and delete existing copies unless required to retain data by applicable law.

15. Amendments

This DPA may be amended by mutual written agreement. Changes to applicable data protection laws may require updates to this DPA.

Request a Signed DPA

If you require a signed copy of this DPA, please contact us.

Request Signed DPA

Footer

Oystercatcher

Healthcare provider intelligence. Natural-language targeting, ML prioritization, and agentic research for medical sales teams.

Platform
  • Natural-language targeting
  • ML prioritization
  • Agentic research
  • MCP & API
  • Data
  • Security
  • Pricing
Company
  • About
  • Careers
  • Contact sales
Resources
  • Solutions: Pharma
  • Solutions: Medical devices
  • Solutions: Healthcare SaaS
  • API overview
  • Terms
  • Privacy
  • Cookies
  • Your Privacy Choices
  • Do Not Sell or Share My Personal Information
  • For providers: your data & opt-out
  • Security
  • All Legal
© 2026 Oystercatcher, LLC · Connecticut, USAv 2026.04 · marketing