This document was generated for Sheridan Bay LLC, operating as The Halo Crest and should be reviewed by a licensed attorney in Florida before being relied upon.
Data Processing Addendum
This DPA explains how The Halo Crest processes personal data on behalf of clients when delivering marketing, CRM, advertising, lead, inbox, and AI drafting services.
Roles
Client is the controller/business for its customer and lead data. Sheridan Bay LLC, operating as The Halo Crest acts as processor/service provider when processing data on Client’s behalf.
Processing purpose
We process data to provide lead generation, campaign management, CRM, automations, reporting, inbox reactivation, AI drafting, support, billing, and related services.
Personal data categories
Names, emails, phone numbers, addresses/ZIP codes, project details, appointment data, conversation context, advertising IDs, and campaign/CRM activity.
Sub-processors
Approved sub-processors include Stripe, GoHighLevel, Meta, Google, OpenAI/Anthropic, Twilio, Cal.com, Cloudflare, and necessary hosting/security/service providers.
Security
We use reasonable technical and organizational safeguards including access controls, least privilege, HTTPS/TLS, OAuth where available, and vendor security controls.
Client instructions
We process personal data only according to the agreement, this DPA, documented client instructions, legal requirements, or platform requirements.
Assistance and deletion
Upon reasonable request, we will assist with data access, deletion, correction, and export requests. After termination, data is retained according to the Privacy Policy unless deletion is requested and legally permitted.