Data Processing Addendum 

Patterns GTM, Inc.

(A Delaware Corporation)

2 Windtree Lane, Glen Mills, Pa 19342

Last Updated: 9/25/2025

1. Scope and Role

Customer = Controller. 

Patterns GTM, Inc.  = Processor. Patterns GTM, Inc.  processes Customer Personal Data only on documented instructions.

2. Processing of Data

  • Subject Matter: Processing necessary to provide Services.

  • Nature and Purpose: Processing includes connecting to and analyzing data from Customer’s enterprise systems (finance, sales, CS, marketing, product, communications).

  • Categories of Data Subjects: Employees, contractors, clients, Authorized Users.

  • Categories of Personal Data: Contact details, identifiers, communications, usage data, financial/transactional data, product interaction data, and other data submitted by Customer.

  • Duration: Term of Agreement until deletion.

3. Processor Obligations

Patterns GTM, Inc.  will: follow Customer instructions, bind personnel by confidentiality, maintain safeguards, assist with rights requests, notify of breaches, and provide compliance info.



4. Sub-Processors

  • Google Cloud Platform – Confidential Compute / Storage 
  • Github - Continuous Integration/Continuous Deployment

5. Data Transfers

Customer acknowledges processing in the U.S.

6. Anonymized and Aggregated Data

Patterns GTM, Inc.  may process de-identified and aggregated data for analytics, benchmarking, and service improvement, with safeguards against re-identification.

7. Audit Rights

Customer may audit annually (or more if required by law) with reasonable notice.

8. Data Retention and Deletion

At termination, Patterns GTM, Inc. will delete or return all Customer Personal Data unless retention is required by law.

9. Security Exhibit

  • Encryption in transit/at rest.In transit and at rest. Advanced Encryption Standard (AES) algorithm, AES-256

  • Access/authentication controls.
    • Email / PW, or email magic link
    • Will progress to SSO via Oauth

  • Logging and monitoring.

https://cloud.google.com/product/observability

  • Incident response.

During this beta evaluation period there may be intermittent outages. 

  • Business continuity/disaster recovery.

Data will be backed up and encrypted. Reports and insights will be made available. The initial environment is designed for functionality, and will have periodic backups, but will not be deployed in multiple regions or locations except to test latency and load balancing. Data will remain in the US. 

  1. Liability


 The liability of each party under this Data Processing Addendum (“DPA”) will be subject to the limitations and exclusions set forth in the Terms and Conditions between the parties. For clarity, nothing in this DPA will increase or expand either party’s liability beyond what is stated in the Terms and Conditions.

  1. Governing Law and Dispute Resolution

 This DPA will be governed by and construed in accordance with the laws of the State of Delaware, without giving effect to any conflict of law principles that would require the application of another jurisdiction’s laws. Any disputes arising out of or relating to this DPA will be subject to the exclusive jurisdiction of the state and federal courts located in Delaware, and each party consents to the personal jurisdiction of those courts.




















Appendix I – Details of Processing

  • Nature/Purpose: Hosting, storage, enrichment, analysis.

  • Types of Personal Data: Contact, identifiers, comms, usage, financial, product, and other enterprise system data.

  • Subjects: Employees, contractors, clients, Authorized Users.

  • Duration: Term of Agreement until deletion.