Data Processing Terms

These Data Processing Terms (“DPA”) govern how Pronto Conversions (“Pronto,” “we,” or “us”) processes personal information on behalf of pest control businesses (“Business Customer” or “you”) that use the Pronto platform.

By using Pronto and agreeing to these terms during onboarding, Business Customer enters into this DPA with Pronto Conversions. This DPA is incorporated into and subject to the Pronto Terms of Service.

1. Definitions

2. Roles and Responsibilities

Business Customer is the Controller. Pronto is the Processor.

Pronto processes Personal Data only to provide the contracted service — automated SMS lead response on behalf of Business Customer. Pronto does not use homeowner data for its own marketing, analytics, or any purpose beyond delivering the service.

Business Customer is responsible for determining the lawful basis for collecting and processing homeowner data, including obtaining any required consents before Pronto sends text messages on Business Customer's behalf.

3. Details of Processing

4. Pronto's Obligations as Processor

Pronto will:

• Process Personal Data only on Business Customer's documented instructions (as established by the service configuration and these terms) — not for Pronto's own purposes
• Ensure that personnel with access to Personal Data are bound by confidentiality
• Implement and maintain appropriate technical and organizational security measures to protect Personal Data against unauthorized access, loss, or destruction
• Not engage additional sub-processors without Business Customer's awareness (current sub-processors are listed in Section 6)
• Assist Business Customer in responding to data subject rights requests (access, deletion, correction) that Pronto receives directly, within 30 days
• Delete or return Personal Data within 30 days of the service agreement ending, upon written request
• Notify Business Customer without undue delay upon becoming aware of a Personal Data breach affecting homeowner data — and in no case later than 72 hours

5. Business Customer's Obligations as Controller

Business Customer will:

• Obtain prior express written consent from homeowners before Pronto sends automated text messages on Business Customer's behalf — as required by the Telephone Consumer Protection Act (TCPA) and applicable state law
• Ensure that any web form, landing page, or intake process that captures homeowner phone numbers includes a clear consent disclosure identifying Business Customer by name and stating that automated text messages will follow
• Maintain records of consent for each homeowner whose data is processed through Pronto, for a minimum of four (4) years
• Not instruct Pronto to send messages to individuals who have opted out or who have not provided consent
• Ensure that any personal data provided to Pronto was collected lawfully and that Business Customer has a valid basis to share it with Pronto for processing
• Notify Pronto promptly of any TCPA complaints, regulatory inquiries, or litigation related to messages sent through the platform

6. Sub-processors

Pronto currently uses the following sub-processors to deliver the service. Each is bound by a written agreement that restricts their use of Personal Data to providing the applicable service to Pronto:

Pronto will provide reasonable notice of any intended changes to this sub-processor list. Business Customer's continued use of the service following such notice constitutes acceptance.

7. TCPA Compliance Allocation

Pronto operates as a technology platform that sends messages on Business Customer's behalf. Under the TCPA, the entity on whose behalf the message is sent bears primary responsibility for consent compliance.

Business Customer is responsible for obtaining, documenting, and maintaining TCPA-compliant prior express written consent for every homeowner whose phone number is submitted to Pronto. This includes ensuring that:

• Consent is obtained specifically for automated text messages from Business Customer
• Consent is not required as a condition of service
• The consent disclosure identifies Business Customer by name
• Opt-out instructions are provided at time of consent

Business Customer agrees to indemnify and hold harmless Pronto Conversions from any TCPA claims, penalties, or damages arising from Business Customer's failure to obtain valid consent before submitting a homeowner's number to the platform.

8. Data Subject Rights

If a homeowner contacts Pronto directly to exercise a privacy right (access, deletion, correction), Pronto will:

• Acknowledge the request within 5 business days
• Notify Business Customer of the request
• Provide reasonable assistance to Business Customer in fulfilling the request, including deleting Pronto's copies of the relevant Personal Data upon verified instruction

Business Customer, as Controller, is ultimately responsible for responding to data subject rights requests relating to data Business Customer controls.

9. Security

Pronto maintains appropriate technical and organizational measures to protect Personal Data — including encrypted data storage, access controls, and secure transmission. Pronto will notify Business Customer within 72 hours of discovering a security breach that affects homeowner Personal Data.

10. Governing Law

These Data Processing Terms are governed by the laws of the State of Texas, without regard to conflict of law principles. Any disputes arising under this DPA will be resolved in the state or federal courts located in Travis County, Texas.

11. Contact

For questions about these Data Processing Terms or to exercise rights under this DPA, contact: hello@prontoconversions.com