Legal Agreements at Cometly

Terms & Conditions

Terms of Service End User License Agreement (EULA)Acceptable Use Policy (AUP)Data Processing Addendum (DPA)Marketing Affiliate Program Agreement Earnings & Results Disclaimer

Privacy

Last Modified: December 24, 2024

THIRD-PARTY SUB-PROCESSORS

At Cometly, we prioritize transparency regarding the third-party companies (“Sub-Processors”) we engage to process personal data on behalf of our customers. This Third-Party Sub-Processor List provides detailed information about each Sub-Processor, including their location and the purpose of their engagement. Each Sub-Processor is bound by written agreements that mandate data protection, confidentiality, and security measures no less stringent than those committed to by Cometly in our Data Processing Addendum (DPA).
‍
If you have any questions or concerns about our Sub-Processors, please contact us at privacy@cometly.com.

1. Infrastructure & Hosting
2. Communication & Support
3. Analytics & Attribution
4. Payments & Financial
5. Development & Internal Tooling
6. Documentation & Contract Tools
7. Miscellaneous
8. Sub-Processor Updates
9. Additional Notes
10. Data Processing Addendum (DPA)
11. Contact Us

1. INFRASTRUCTURE & HOSTING

Amazon Web Services (AWS)

USA

We use AWS for secure hosting of our platform, databases, and backups. Customer data (including personal data) may be stored in AWS data centers. AWS Privacy

SingleStore

USA

SingleStore is a cloud-based database solution used for fast data processing and analytics within the Cometly platform. Ensures data integrity and performance. SingleStore Privacy

2. COMMUNICATION & SUPPORT

Intercom

USA

Provides customer support messaging, in-app chat, and user engagement services. Processes names, emails, and chat content. Intercom Privacy

HubSpot

USA

Utilized for marketing and lead management. Stores prospect and customer contact details (e.g., names, emails, phone numbers) for communication and marketing automation. HubSpot Privacy

Twilio (SendGrid)

USA

Facilitates email and call tracking services, including system notifications, password resets, and other communications. Processes names, emails, and phone numbers. Twilio Privacy

Slack

USA

Internal communication tool for Cometly’s team. Minimal personal data (e.g., user ID or email) may be referenced during support escalations. Slack Privacy

Zoom

USA

Used for video conferencing and support calls with customers. Handles names, email addresses, and any personal data shared during calls. Zoom Privacy

Klaviyo

USA

Sends marketing emails and/or text messages. Stores names, email addresses, and phone numbers for campaign management. Klaviyo Privacy

3. ANALYTICS & ATTRIBUTION

Google Ads

USA

Integration allows Cometly to send or retrieve ad performance data for attribution and optimization. Processes hashed identifiers, ad campaign data, etc. Google Ads Privacy

Meta Ads
(Facebook)

USA

Integration with Facebook/Meta Ads platform for attribution data. Potentially includes hashed emails, IP addresses, click IDs, and location data. Meta Privacy

TikTok Ads

USA

Used to attribute TikTok ad interactions and share limited event data. TikTok Privacy

LinkedIn Ads

USA

LinkedIn Ads integration for conversion tracking and attribution. LinkedIn Privacy

Zapier

USA

Automation platform that can pass data (like form submissions, leads) between Cometly and other apps based on user configuration. Zapier Privacy

June

USA

Product usage analytics tool that helps analyze user interactions with Cometly’s dashboard. Typically involves anonymized or pseudonymized usage data. June Privacy

Survicate

USA

Collects feedback and survey responses from users or customers. May contain names/emails if users opt in. Survicate Privacy

OpenAI

USA

Occasionally engaged for AI-assisted source detection. Minimal technical data (e.g., truncated IP, device info) may be shared; no direct personal identifiers. OpenAI Privacy

4. PAYMENTS & FINANCIAL

Stripe

USA

Payment processing services for subscription billing. Stripe may store billing information (credit card numbers, billing addresses), while Cometly only sees minimal info (e.g., last four digits, status). Stripe Privacy

FirstPromoter

USA

Tracks affiliate and referral commissions. Stores affiliate account data (name, email, payout information). FirstPromoter Privacy

5. DEVELOPMENT & INTERNAL TOOLING

GitHub

USA

Code repository for our software development. Occasionally minimal user info (e.g., reference IDs) may appear in logs or commit messages, but we aim to exclude personal data. GitHub Privacy

Webflow

USA

Website development platform used for hosting front-end marketing pages. May process minimal contact form data if used for certain pages. Webflow Privacy

CloudFlare

USA

DNS and content delivery network (CDN) that helps secure and accelerate our website. May process IP addresses and basic logs. CloudFlare Privacy

ClickFunnels

USA

Used for certain landing pages or funnels. May process lead data (names, emails, etc.) on sign-up pages. ClickFunnels Privacy

Linear

USA

Project management tool for internal issue/task tracking. Occasionally may see user IDs or emails in bug reports, but not intended for storing personal data. Linear Privacy

6. DOCUMENTATION & CONTRACT TOOLS

PandaDoc

USA

For sending and signing contracts electronically (e.g., NDAs, custom deals). Processes names, emails, and contract details. PandaDoc Privacy

ChurnKey

USA

Churn prevention software used to manage and analyze cancellations or retention. May process user email, subscription ID, or reason for cancellation. ChurnKey Privacy

7. MISCELLANEOUS

Google Workspace

USA

Cometly’s corporate email and productivity suite. Internal emails and document collaboration may include user details if relevant to support or account management. Google Workspace Privacy

8. SUB-PROCESSOR UPDATES

We may engage new Sub-Processors or replace existing ones as we grow. When doing so, we will provide at least 30 days advance notice to customers via email or through your account dashboard before any new Sub-Processor begins processing data. This notification period aligns with our Privacy Policy and End User License Agreement (EULA).

Customer Rights:

Objection: Customers may object to the use of a new Sub-Processor by terminating their subscription in accordance with Section 9.3 Termination by Customer of our EULA.
No Service Disruption: Termination due to objection will not affect your ability to use other services provided by Cometly.

9. ADDITIONAL NOTES

Data Minimization: We strive to minimize the amount of personal data shared with each Sub-Processor, ensuring only necessary data is processed to fulfill the intended purpose.
Security & Compliance: Each Sub-Processor is thoroughly vetted for security and privacy compliance, and must adhere to contractual commitments regarding data protection, including GDPR, CCPA, and other relevant regulations.
Data Processing Agreements (DPAs): All Sub-Processors are required to sign a DPA, which outlines their obligations to protect personal data and comply with applicable data protection laws.‍
International Data Transfers: Where Sub-Processors are located outside the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure that data transfers are conducted in accordance with GDPR requirements, utilizing mechanisms such as Standard Contractual Clauses (SCCs).

10. DATA PROCESSING ADDENDUM (DPA)

For business customers subject to GDPR, UK GDPR, or similar laws, we offer a Data Processing Addendum (DPA) that outlines our obligations as a processor, including sub-processor disclosures, data breach notifications, and more. If you need a DPA, please contact us at privacy@cometly.com.

11. CONTACT US

If you have any questions or concerns about our Sub-Processors, please contact us at:

Comet LLC (d/b/a Cometly)
41 University Drive, Suite 400
Newtown, Pennsylvania 18940
United States

Email: privacy@cometly.com

‍