Last Updated: 18 November 2025
This DPA forms part of the Agreement between:
Cadenth Consulting Group Ltd. Liability Co.
California Limited Liability Company
500 S. Sepulveda Blvd., Suite 4th FL – 100A, Los Angeles, CA 90049
Email: hello@cadenth.com
(“Cadenth,” “Processor,” “Service Provider,” “we,” “our”)
and
The entity or individual executing a consulting agreement with Cadenth (“Client,” “Controller”).
This DPA applies only to the extent Cadenth processes business, operational, or limited personal data on behalf of Client.
1. DEFINITIONS
1.1 “Data Protection Laws”
Refers to applicable U.S. privacy laws including CCPA/CPRA, and GDPR principles where relevant.
1.2 “Personal Data”
Any information relating to an identifiable person processed by Cadenth on behalf of Client.
1.3 “Business/Operational Data”
Workflows, SOPs, exports, system maps, diagrams, internal structures, or files shared by Client.
1.4 “Controller” (Client)
The entity determining the purpose and means of data processing.
1.5 “Processor” (Cadenth)
The entity processing data on behalf of the Controller.
1.6 “Third-Party Services”
Platforms including but not limited to:
Google, Zoom, Calendly, Notion, ClickUp, Airtable, Zapier, Make, Stripe, PayPal, CRMs, or any external tool.
2. ROLE OF THE PARTIES
2.1 Client = Controller
Client determines all purposes and means of data processing.
Client is solely responsible for:
- data legality
- obtaining required consents
- accuracy of information
- compliance with all privacy laws
2.2 Cadenth = Processor / Service Provider
Cadenth processes data only to perform contracted services.
Cadenth does not sell, share, or retain data outside legal obligations.
3. INSTRUCTIONS FROM CLIENT
Cadenth will process data only in accordance with:
- this DPA
- the main Agreement
- written instructions from Client
If Client instructions violate law, Cadenth may refuse or suspend processing.
Cadenth is NOT liable for illegal or incorrect instructions from Client.
4. NATURE AND PURPOSE OF PROCESSING
Cadenth processes data solely to:
- perform diagnostics
- analyze workflows
- build systems and documentation
- conduct operational mapping
- create automations and dashboards
- deliver consulting services
Cadenth does not process:
- sensitive personal information
- regulated or protected data (HIPAA, FERPA, PCI, etc.)
Client must NOT provide such data.
5. TYPES OF DATA PROCESSED
5.1 Personal Data (Limited)
May include:
- name
- meeting information
- business contact information
5.2 Operational Data
Includes:
- workflows
- internal structures
- SOPs
- exports
- dashboards
- CRM fields
- task lists
- diagrams
5.3 Excluded Data
Client must NOT send:
- government IDs
- credit card numbers
- bank details
- SSNs
- medical information
- passwords (unless access is required)
- biometric data
Cadenth bears no liability if Client submits prohibited data.
6. CLIENT RESPONSIBILITIES
Client is fully responsible for:
- ensuring all data is lawfully collected
- providing accurate and complete information
- maintaining system security
- restricting internal access
- revoking access when the project ends
- ensuring third-party platform compliance
Client acknowledges Cadenth cannot verify legality or accuracy of Client-supplied data.
7. CADENTH SECURITY MEASURES
Cadenth implements commercially reasonable safeguards:
- encrypted access
- restricted internal permissions
- secured cloud storage
- MFA where available
- regular security checks
Cadenth does not provide:
- penetration testing
- cybersecurity guarantees
- perfect system protection
No system can be guaranteed fully secure.
8. SUB-PROCESSORS
Cadenth may use certified third-party providers (sub-processors) solely to deliver services.
Examples include:
- cloud storage
- communication tools
- project systems
- automation platforms
- analytics tools
Cadenth is not liable for sub-processor outages, breaches, or policy changes.
Client grants general authorization for sub-processors.
9. INTERNATIONAL TRANSFERS
Data may be processed:
- in the United States
- in India (operations timezone)
- in cloud environments globally
Cadenth ensures transfers follow commercially reasonable safeguards consistent with CCPA and GDPR principles.
10. DATA BREACH NOTIFICATION
If Cadenth becomes aware of unauthorized access to data within its own controlled systems, we will:
- notify Client without undue delay
- provide relevant information
- take corrective action
Cadenth’s liability is strictly limited to fees paid for the relevant service.
Client is responsible for:
- breaches on their systems
- compromised accounts
- malware infections
- unauthorized credential sharing
11. DATA SUBJECT REQUESTS
If Cadenth receives a data access/deletion request:
- Cadenth will notify Client
- Client is solely responsible for responding
- Cadenth will assist when legally required, fees may apply
Cadenth does not respond to subjects on Client’s behalf.
12. DATA RETENTION & DELETION
Cadenth retains data for up to:
- 7 years (operational recordkeeping)
- longer if legally required
Client may request deletion unless retention is mandatory.
Cadenth is not required to delete:
- emails containing business-critical information
- backups retained automatically by systems
- data needed for legal defense
13. THIRD-PARTY PLATFORM LIABILITY WAIVER
Cadenth is not responsible for:
- CRM issues
- automation failures
- API errors
- platform outages
- corrupted client data
- misconfiguration by Client
- changes made by Client’s team
- downtime of SaaS tools
Client assumes all third-party system risk.
14. NO DUTY TO MONITOR OR MAINTAIN
Unless a separate retainer is purchased, Cadenth has:
- no duty to monitor systems
- no duty to maintain automations
- no duty to ensure uptime
- no duty to validate system performance
All post-delivery oversight is the Client’s responsibility.
15. LIMITATION OF LIABILITY
Cadenth’s total liability under this DPA is strictly limited to:
the total fees paid by the Client for the specific service related to the claim.
Cadenth is not liable for:
- indirect damages
- lost profits
- business interruption
- data loss
- reliance damages
- operational errors
- regulatory penalties caused by Client actions
- third-party platform failures
- inaccurate Client-provided data
16. INDEMNIFICATION
Client shall indemnify and hold Cadenth harmless from claims arising from:
- illegal or inaccurate data supplied
- client-side breaches or malware
- misuse of deliverables
- failure to comply with privacy laws
- unauthorized third-party access
- platform misconfiguration
- errors caused by Client teams
Cadenth assumes zero liability for Client negligence or non-compliance.
17. GOVERNING LAW & ARBITRATION
This DPA is governed by California law.
All disputes must be resolved exclusively through binding arbitration in:
Los Angeles County, California
No jury trial
No class action
No collective claims
18. TERM
This DPA remains in effect as long as Cadenth processes data on behalf of the Client.
19. CONTACT INFORMATION
Cadenth Consulting Group Ltd. Liability Co.
Email: hello@cadenth.com
Address: 500 S. Sepulveda Blvd., Suite 4th FL – 100A, Los Angeles, CA 90049