Data Processing Addendum

Last updated: February 11, 2026 

This DPA applies when Healthdesk processes Personal Data on behalf of Customer.

1. Roles
Customer is the Controller of End User data.
Healthdesk is the Processor.
Healthdesk processes data solely to provide the Services.

2. Scope of Processing
Purpose: Transmission and routing of 10DLC SMS and MMS messages at Customer’s direction.
Categories of data: Phone numbers, names, message content, timestamps, opt out status, metadata.
Duration: For the term of the Agreement and limited retention thereafter for security and legal compliance.

3. Customer Responsibilities
Customer is solely responsible for lawful collection of Personal Data and consent.
Customer represents it has provided all required notices and obtained all necessary permissions.

4. Security
Healthdesk maintains reasonable administrative, technical, and physical safeguards to protect Personal Data.

5. Subprocessors
Customer authorizes Healthdesk to use subprocessors including cloud hosting providers, messaging carriers, and infrastructure vendors necessary to provide 10DLC services.
Healthdesk will impose reasonable data protection obligations on subprocessors.

6. Incident Notification
Healthdesk will notify Customer without undue delay upon discovery of a Personal Data breach affecting Customer Data.

7. Data Return or Deletion
Upon termination, Healthdesk will delete or return Personal Data upon request, except where retention is required by law or security needs.

8. No Sale of Data
Healthdesk does not sell Customer End User Personal Data and will not use it for advertising or unrelated purposes.