Go Online Now-Connect
Data Processing Agreement (DPA)
This Data Processing Agreement, including its Annexes A, B, and C (“DPA”), is entered into between Go Online Now-Connect (“Go Online Now-Connect”) and the entity agreeing to this DPA (“Customer”). This DPA outlines the parties’ agreement concerning the Processing of Personal Data by Go Online Now-Connect on behalf of the Customer, pursuant to the Terms of Service agreement in place between the parties (“Agreement”).
This DPA forms an integral part of the Agreement and becomes effective upon execution, or at such time specified in the Agreement, Order Form, or an executed amendment. If there is any conflict between this DPA and the Agreement, the terms of this DPA shall prevail to the extent of the conflict.
Definitions
(All definitions mirror those found in applicable Data Protection Laws, unless otherwise defined.)
References to “HighLevel” have been replaced with “Go Online Now-Connect.”
a. CCPA
The California Consumer Privacy Act is a law that gives California residents rights over their personal data—like knowing what’s collected, who it’s shared with, and the ability to delete it.
b. California Personal Information
This refers to personal data protected specifically under the CCPA for example, names, email addresses, or browsing history of California residents.
c. Business Purpose, Controller, Processor, etc.
These are legal terms from privacy laws. They define roles and actions like who owns the data (Controller), who processes it (Processor), and what qualifies as personal data or a data breach.
e. Data Protection Laws
Covers all privacy laws worldwide that apply to how data is handled like GDPR in Europe and CCPA in the US. These laws may change over time.
f. Europe
Refers to regions covered by European data privacy laws, including the EU, EEA, UK, and Switzerland.
g. European Data
Personal data that falls under European privacy regulations, such as data from EU or UK residents.
h. European Data Protection Laws
These are the main data privacy laws in Europe, like GDPR, ePrivacy Directive, UK GDPR, and Swiss DPA. They protect how people’s data is collected, used, and transferred.
i. GDPR
The General Data Protection Regulation is Europe’s core privacy law. It protects personal data and applies to companies handling data from EU or UK residents.
j. Standard Contractual Clauses (SCCs)
These are legal contracts used to safely transfer personal data outside of Europe to countries like the US, ensuring the data stays protected.
k. UK Addendum
An add-on to the SCCs used for transferring data from the UK to other countries, making sure the transfer complies with UK law.
2. Compliance
Both parties shall comply with all applicable Data Protection Laws and regulations relevant to the Processing of Personal Data under this DPA.
3. Controller/Processor Roles
The Customer acts as the Controller (or Processor), and Go Online Now-Connect acts as the Processor of Customer Personal Data, as defined under relevant Data Protection Laws.
4. Consents
Customer is responsible for obtaining all necessary consents, authorizations, and notices to ensure lawful transfer and use of Personal Data via the Go Online Now-Connect platform. The Customer shall indemnify Go Online Now-Connect for any consequences arising from the failure to obtain such consents.
5. Processing Scope
Annex A provides details on:
- Purpose, scope, and duration of processing
- Types of Personal Data
- Categories of Data Subjects
6. Customer Instructions
Go Online Now-Connect shall only process Customer Personal Data according to documented Customer instructions, unless required by law. The Agreement and this DPA constitute such instructions.
7. Obligations of Go Online Now-Connect
Go Online Now-Connect agrees to:
- Maintain appropriate technical and organizational security measures (see Annex B)
- Ensure personnel handling data are bound by confidentiality
- Assist the Customer in responding to data subject requests (where feasible)
- Notify Customer of any Personal Data Breach without undue delay
- Delete or return Customer Personal Data upon termination, unless required to retain it by law
- Make available all information necessary to demonstrate compliance and support audits if required by law
8. Service Provider under CCPA
Where the CCPA applies:
- The Customer is a “business”
- Go Online Now-Connect is a “service provider”
- Go Online Now-Connect will not sell, share, or use California Personal Information outside the scope of service
9. Subprocessors
Customer grants general authorization for Go Online Now-Connect to engage subprocessors (see Annex C). Go Online Now-Connect will:
- Impose the same data protection obligations on subprocessors
- Remain fully liable for subprocessors’ actions
- Notify Customer at least 30 days prior to adding/replacing subprocessors (if opted-in for updates)
10. International Data Transfers
Where applicable, Go Online Now-Connect agrees to comply with:
- The Standard Contractual Clauses (SCCs) for data transfers under GDPR
- The UK Addendum for UK GDPR
- Adapted terms under the Swiss DPA
In all cases, transfers will only occur if adequate protections are in place. Customer agrees to provide Go Online Now-Connect a reasonable opportunity to remedy any compliance issues before suspending transfers.
11. Amendments
Go Online Now-Connect may modify this DPA to reflect changes in data protection laws or improve security, provided such changes do not materially reduce the overall level of protection for Customer Personal Data.
11. Amendments
Go Online Now-Connect may modify this DPA to reflect changes in data protection laws or improve security, provided such changes do not materially reduce the overall level of protection for Customer Personal Data.
ANNEX A – Details of Processing
A. Parties
- Data Exporter: Customer
- Data Importer: Go Online Now-Connect
- Roles: Customer (Controller/Processor); Go Online Now-Connect (Processor)
B. Data Details
- Data Subjects: Customers and leads of the Customer
- Categories of Personal Data: Name, email, phone, DOB, etc.
- Sensitive Data: Not anticipated
- Purpose: Marketing, lead management, and campaign execution
- Retention: As long as Customer has an active account
C. Supervisory Authority
As determined by applicable data transfer laws
ANNEX B – Security Measures
Go Online Now-Connect implements:
- AES-256 and TLS v1.2+ encryption
- Access controls and role-based authorization
- Event logging and system monitoring
- Data backups with rapid restoration capability
- Physical security via trusted cloud providers (e.g., AWS, Google Cloud)
- Incident response protocols and limited data retention settings
- Data portability and deletion tools
- Self-service and ticket-based support for data requests
ANNEX C – Subprocessors
For the latest subprocessor list, visit:
https://www.gohighlevel.com/sub-processors
Includes providers such as AWS, Google Cloud, Twilio, Zapier, Meta (WhatsApp), Stripe, ClickUp, Zoom, and others.
Last Updated:
September 1, 2025
