Effective Date: 12 July 2026

Last Updated: 12 July 2026

Data Processing Agreement (DPA)

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Conexello Terms of Service and applies where a customer uses Conexello to process personal information relating to their own customers, leads or prospective customers.

This DPA sets out the responsibilities of the parties regarding the processing of personal data in accordance with:

  • UK General Data Protection Regulation (UK GDPR);
  • Data Protection Act 2018;
  • other applicable data protection laws.

This DPA applies only to personal data processed by Conexello on behalf of a customer.

2. Definitions

For the purposes of this DPA:

"Customer"
Means the cleaning business or organisation using Conexello.
"Controller"
Means the entity that determines the purposes and means of processing personal data.
"Processor"
Means the entity that processes personal data on behalf of the Controller.
"Data Subject"
Means an identifiable individual whose personal data is processed.
"Personal Data"
Means information relating to an identified or identifiable individual.
"Processing"
Has the meaning given under applicable data protection laws and includes:
  • collecting;
  • storing;
  • accessing;
  • organising;
  • retrieving;
  • deleting;
  • otherwise using personal data.

"Lead Data" Means personal information submitted through a Conexello widget or imported into the Conexello platform.

3. Roles of the Parties

The parties acknowledge that:

Customer

The Customer acts as the Data Controller for Lead Data.

The Customer determines:

  • why Lead Data is collected;
  • what information is collected;
  • how Lead Data is used;
  • how long Lead Data should be retained.

Conexello

Conexello acts as the Data Processor.

Conexello processes Lead Data only:

  • to provide the Conexello service;
  • according to the Customer's instructions;
  • as necessary to operate the platform.

Conexello does not determine the purposes for which Lead Data is processed.

4. Scope of Processing

The processing covered by this DPA relates to Lead Data collected through Conexello services.

This may include:

  • quotation requests;
  • customer enquiries;
  • contact information;
  • property details;
  • cleaning requirements;
  • information submitted voluntarily by End Customers.

5. Categories of Data Subjects

The categories of Data Subjects may include:

  • individuals requesting cleaning quotations;
  • prospective customers of cleaning businesses;
  • existing customers of cleaning businesses.

6. Categories of Personal Data

The categories of personal data processed may include:

CategoryExamples
Contact Informationname; email address; telephone number; postcode
Property Informationnumber of bedrooms; number of bathrooms; property type; pet information; cleaning requirements
Additional InformationAny information voluntarily submitted by an End Customer through the widget

Conexello does not intentionally collect special category data through the standard widget.

Customers must not use Conexello to collect sensitive personal information unless they have an appropriate lawful basis and have configured their own privacy processes accordingly.

7. Processing Instructions

Conexello will process Lead Data only in accordance with the Customer's documented instructions and as necessary to provide the Conexello Service.

The Customer authorises Conexello to process Lead Data for the following purposes:

  • collecting quotation requests through Conexello widgets;
  • storing Lead Data within the Conexello platform;
  • displaying Lead Data within the Customer dashboard;
  • enabling Customer access to Lead Data;
  • exporting Lead Data where requested by the Customer;
  • sending lead notifications configured by the Customer;
  • maintaining and improving the security and reliability of the Service.

Conexello will not:

  • sell Lead Data;
  • use Lead Data for advertising purposes;
  • use Lead Data to create marketing databases;
  • use Lead Data for purposes unrelated to providing the Service.

8. Customer Responsibilities

The Customer remains responsible for compliance with applicable data protection laws.

The Customer must ensure that:

  • it has a valid lawful basis for collecting Lead Data;
  • it provides appropriate privacy information to End Customers;
  • it informs End Customers how their information will be used;
  • it handles data subject requests appropriately;
  • it only collects information necessary for its business purposes;
  • imported Lead Data was collected lawfully.

The Customer is responsible for determining:

  • the purpose of collecting Lead Data;
  • the retention period of Lead Data;
  • whether quotations should be provided;
  • how End Customers are contacted.

Conexello does not provide legal advice regarding the Customer's own privacy obligations.

9. Conexello Processor Obligations

Conexello agrees to:

  • process Lead Data only for authorised purposes;
  • maintain appropriate technical and organisational security measures;
  • ensure persons authorised to process Lead Data are subject to confidentiality obligations;
  • assist Customers where reasonably required to meet data protection obligations;
  • notify Customers of applicable personal data breaches as required by law;
  • delete or return Lead Data following termination where required.

Conexello will not knowingly process Lead Data in a way that conflicts with the Customer's documented instructions.

10. Security Measures

Conexello implements reasonable technical and organisational measures designed to protect Lead Data.

These measures include:

Encryption

  • encrypted communication between users and Conexello systems using TLS;
  • encrypted storage through infrastructure providers where supported.

Access Controls

  • authenticated account access;
  • restricted administrative access;
  • controlled access to production systems.

Authentication Security

  • secure authentication mechanisms;
  • support for Google Login authentication;
  • account security protections.

Infrastructure Security

Conexello uses trusted infrastructure providers including:

  • Supabase for database and authentication infrastructure;
  • established cloud service providers supporting secure application operation.

Monitoring

Where appropriate, Conexello may maintain:

  • authentication logs;
  • security events;
  • technical logs.

These measures are reviewed as Conexello develops.

11. Sub-processors

The Customer authorises Conexello to use third-party service providers ("Sub-processors") where necessary to provide the Service.

Current Sub-processors may include:

Sub-processorPurpose
Supabasedatabase hosting; authentication; application infrastructure
Paddlesubscription management; payment processing
Zoho Mailbusiness email communication; operational emails
Lovableapplication development and infrastructure support
123 Regdomain registration and management

Conexello remains responsible for ensuring that Sub-processors are subject to appropriate contractual obligations regarding personal data protection.

Conexello may update its list of Sub-processors from time to time.

Where required by applicable law, Customers may receive notice of material Sub-processor changes.

12. Confidentiality

Conexello will ensure that individuals authorised to process Lead Data:

  • are permitted to access such information only where necessary;
  • understand confidentiality obligations;
  • do not disclose Lead Data without authorisation.

This obligation continues after termination of the Customer's use of Conexello.

13. Personal Data Breaches

Conexello maintains procedures designed to identify, manage and respond to personal data breaches affecting the Service.

If Conexello becomes aware of a personal data breach involving Lead Data processed on behalf of a Customer, Conexello will:

  • investigate the nature and scope of the incident;
  • take reasonable steps to contain and mitigate the impact;
  • notify affected Customers where required by applicable data protection law;
  • provide reasonably available information to assist Customers with their own legal obligations.

Notification will include information reasonably available at the time, such as:

  • description of the incident;
  • categories of data affected;
  • steps taken to address the issue;
  • recommended actions where appropriate.

Conexello is not responsible for breaches caused by the Customer's own systems, employees, users, integrations or unlawful processing activities.

14. Assistance with Data Subject Requests

Where a Data Subject exercises their rights relating to Lead Data, the Customer remains responsible for responding to the request.

These rights may include:

  • access requests;
  • correction requests;
  • deletion requests;
  • restriction requests;
  • objection requests;
  • data portability requests.

Where reasonably required and legally permitted, Conexello will provide assistance to help the Customer respond.

Examples of assistance may include:

  • providing access to available Lead Data;
  • enabling export of Lead Data;
  • deleting Lead Data following Customer instructions;
  • providing relevant technical information.

The Customer acknowledges that Conexello does not have a direct relationship with End Customers using the Customer's cleaning services.

15. Data Retention and Deletion

Lead Data is retained only for as long as the Customer maintains access to the Conexello Service or as otherwise required by law.

The Customer may delete Lead Data through available Conexello functionality.

When a Customer deletes their Conexello account:

  • the Customer's organisation data is deleted;
  • associated Lead Data is deleted;
  • access to the Customer account is removed.

Deletion may not be reversible.

The Customer is responsible for exporting any information required before account deletion.

Where retention is required by applicable law, Conexello may retain limited information for the required period.

16. Return of Personal Data

Upon request, and where technically available, Conexello may provide Customers with tools to export their Lead Data.

Customers may export available Lead Data in supported formats, including:

  • CSV;
  • JSON.

Following successful export and account termination, Conexello will delete Lead Data in accordance with this DPA and its retention procedures.

17. International Transfers

Conexello may use Sub-processors that process personal data outside the United Kingdom.

Where international transfers occur, Conexello will ensure appropriate safeguards are implemented as required by applicable data protection legislation.

Such safeguards may include:

  • adequacy decisions;
  • international data transfer agreements;
  • standard contractual protections;
  • other legally recognised transfer mechanisms.

Current infrastructure includes:

  • Supabase infrastructure located within the European Union;
  • other service providers that may operate internationally.

18. Audits and Compliance Information

The Customer may request reasonable information regarding Conexello's compliance with this DPA.

Conexello may provide information about:

  • security practices;
  • processing activities;
  • Sub-processors;
  • technical measures.

Any audit request must:

  • be reasonable;
  • provide appropriate notice;
  • not disrupt Conexello's normal operations;
  • protect confidential information.

Unless required by law, Customers are responsible for their own compliance assessments.

19. Liability

Each party remains responsible for complying with its own obligations under applicable data protection laws.

The Customer remains responsible for:

  • lawful collection of Lead Data;
  • privacy notices provided to End Customers;
  • instructions provided to Conexello;
  • use of Lead Data after access through Conexello.

Conexello remains responsible for:

  • processing Lead Data according to this DPA;
  • maintaining appropriate processor obligations;
  • providing the Service described in the Terms of Service.

Any liability arising from this DPA is subject to the limitations and exclusions contained in the Conexello Terms of Service.

20. Relationship with Terms of Service

This DPA forms part of the Conexello Terms of Service.

If there is any conflict between this DPA and the Terms of Service regarding personal data processing, this DPA will take priority to the extent of that conflict.

All other provisions of the Terms of Service remain unchanged.

21. Changes to This DPA

Conexello may update this DPA from time to time to reflect:

  • changes in applicable law;
  • changes to the Service;
  • changes to Sub-processors;
  • improvements to privacy practices.

Where changes materially affect Customer obligations, Conexello may provide reasonable notice.

22. Acceptance

By creating a Conexello account and using the Service, the Customer acknowledges that:

  • they have reviewed this DPA;
  • they understand their responsibilities as Data Controller;
  • they authorise Conexello to process Lead Data as described in this DPA.

23. Contact

For questions regarding this Data Processing Agreement, contact: support@conexello.com