Legal

Data Processing Addendum

Last updated: May 24, 2026

This Data Processing Addendum ("DPA") forms part of the agreement between the customer ("Customer", "Controller") and BrandPilot AI ("BrandPilot AI", "Processor") for the use of ClickRadar™ (the "Service"). It governs the processing of personal data carried out by BrandPilot AI on behalf of the Customer. Where this DPA conflicts with the main agreement on the subject of data protection, this DPA controls.

1. Roles of the parties

For personal data processed to deliver the Service, the Customer is the Controller and BrandPilot AI is the Processor. BrandPilot AI processes personal data only on documented instructions from the Customer, including as set out in the agreement and this DPA, unless required to act otherwise by law. Where Canadian privacy law applies, the Customer is the organization accountable for the personal information under PIPEDA, and BrandPilot AI acts as a service provider processing that information on the Customer’s behalf.

2. Details of processing

• Subject matter: provision of ad intelligence, invalid traffic detection, and recovery reporting.
• Duration: the term of the agreement, plus any period required for deletion or return of data.
• Nature and purpose: collection, analysis, storage, and reporting on advertising and traffic data to identify waste and support recovery.
• Types of personal data: business contact details and online identifiers such as IP addresses, device identifiers, and similar data contained in advertising and analytics datasets.
• Categories of data subjects: the Customer's personnel and the users who interact with the Customer's advertising.

3. Processor obligations

BrandPilot AI will: process personal data only on the Customer's documented instructions; ensure that personnel authorized to process personal data are bound by confidentiality; implement appropriate technical and organizational security measures; and assist the Customer in meeting its own data protection obligations as described below.

4. Confidentiality

BrandPilot AI treats all personal data processed under this DPA as confidential and limits access to personnel who need it to deliver the Service.

5. Security measures

BrandPilot AI maintains technical and organizational measures appropriate to the risk, including encryption of data in transit, access controls and authentication, logging and monitoring, and regular review of its security program. The Customer is responsible for its own use of the Service, including managing its account access.

6. Sub-processors

The Customer authorizes BrandPilot AI to engage sub-processors, such as hosting, infrastructure, analytics, and monitoring providers, to support delivery of the Service. BrandPilot AI imposes data protection obligations on each sub-processor that are no less protective than those in this DPA, and remains responsible for their performance. BrandPilot AI will make available a current list of sub-processors on request and will give notice of intended changes so the Customer may object on reasonable grounds.

7. Assistance with data subject rights

Taking into account the nature of the processing, BrandPilot AI will provide reasonable assistance to enable the Customer to respond to requests from data subjects exercising their rights under applicable data protection law.

8. Personal data breach

BrandPilot AI will notify the Customer without undue delay after becoming aware of a personal data breach affecting personal data processed under this DPA, and will provide information reasonably available to assist the Customer in meeting its notification obligations.

9. International transfers

Where personal data is transferred across borders, the parties will rely on an appropriate transfer mechanism, such as standard contractual clauses or an equivalent safeguard recognized under applicable law.

10. Return and deletion of data

On termination or expiry of the agreement, BrandPilot AI will, at the Customer's choice, delete or return the personal data it processes on the Customer's behalf, and delete existing copies, unless retention is required by law.

11. Audits

BrandPilot AI will make available information reasonably necessary to demonstrate compliance with this DPA and will allow for and contribute to audits, including inspections, conducted by the Customer or an auditor it mandates, subject to reasonable notice, confidentiality, and frequency limits.

12. Liability and governing terms

The liability of each party under this DPA is subject to the limitations and exclusions of liability set out in the main agreement. This DPA is governed by the same law as the main agreement.

13. Contact

Data protection questions can be directed to privacy@clickradar.io.

ClickRadar™ is operated by BrandPilot AI:
120 Adelaide St. W., Suite 900, Toronto, ON M5H 3V1, Canada
Phone: 1-888-960-2724
General enquiries: info@brandpilot.ai