Data Processing Addendum
Our standard DPA for customers, with EU Standard Contractual Clauses. Last updated June 2026.
Merrily is operated by TariffLens, Inc. When you use Merrily to process personal data about your customers and contacts, we act as a data processor and you act as the data controller. Our Data Processing Addendum (DPA) sets out the terms that govern that processing and forms part of your agreement with us.
What the DPA covers
Our standard DPA reflects the requirements of GDPR Article 28 and similar laws. In summary, under the DPA we commit to:
- Process on your instructions. We process personal data only to provide the service to you and on your documented instructions.
- Confidentiality. Our personnel are bound by confidentiality obligations.
- Security. We maintain appropriate technical and organizational measures to protect personal data. See our Trust and Security page for a summary.
- Subprocessors. We use the subprocessors on our subprocessor list, bind them to data-protection obligations consistent with the DPA, give you advance notice of new or replaced subprocessors, and give you a right to object.
- Data-subject requests. We assist you in responding to requests from individuals to exercise their rights, taking into account the nature of the processing.
- Personal-data breaches. We notify you without undue delay after becoming aware of a personal-data breach affecting your data.
- Deletion or return. On termination, we delete or return the personal data we process on your behalf, subject to any legal retention requirement.
- Demonstrating compliance. We make available the information reasonably necessary to demonstrate compliance and to support audits, as set out in the DPA.
International data transfers
Where the DPA covers transfers of personal data out of the European Economic Area, the United Kingdom, or Switzerland, it incorporates the European Commission Standard Contractual Clauses (SCCs), together with the UK International Data Transfer Addendum. This gives you a recognized transfer mechanism for the data we process on your behalf.
How to request a signed copy
This page is a plain-language summary, not the full legal text. To receive our standard DPA for review or signature, contact [email protected]. We are happy to put a signed DPA in place with customers and with prospects evaluating the product. For the subprocessors referenced in the DPA, see our subprocessor list.