Pamosnik← Home

Data Processing Addendum

Effective date: June 1, 2026

This Data Processing Addendum (“DPA”) forms part of the Terms of Service between Pamosnik and the business customer (“Customer”). It describes how Pamosnik processes personal data on the Customer’s behalf when the Customer uses the service to message its audience.

1. Roles

For personal data the Customer processes through the service (for example, the content of conversations with the Customer’s Instagram audience and the audience’s Instagram-scoped IDs), the Customer is the data controller and Pamosnik acts as a data processor. Pamosnik processes that data only on the Customer’s documented instructions, which include the automations the Customer configures.

2. Scope of processing

  • Subject matter: automated Instagram messaging and comment handling.
  • Duration: for as long as the Customer’s account is active, subject to the deletion terms below.
  • Categories of data: message and comment content, sender Instagram-scoped IDs and usernames, tags and custom fields the Customer assigns.
  • Data subjects: the people who message or comment on the Customer’s connected Instagram account.

3. Confidentiality and security

Pamosnik keeps personal data confidential and applies appropriate technical and organizational measures, including encryption in transit (HTTPS), hashed credentials, secure token storage, and per-account data isolation. Personnel with access are bound by confidentiality obligations.

4. Sub-processors

The Customer authorizes Pamosnik to engage sub-processors (such as hosting, email delivery, and the Meta / Instagram APIs) to provide the service. Pamosnik imposes data-protection obligations on its sub-processors consistent with this DPA.

5. Data subject rights and assistance

Taking into account the nature of the processing, Pamosnik will assist the Customer in responding to requests from data subjects and in meeting the Customer’s security, breach-notification, and impact- assessment obligations. Pamosnik will notify the Customer without undue delay after becoming aware of a personal data breach.

6. Deletion and return

On termination of the service, or on the Customer’s request, Pamosnik will delete or return the personal data it processes on the Customer’s behalf, as described in our Data Deletion Policy, except where retention is required by law.

7. International transfers

Where personal data is transferred across borders, Pamosnik relies on a lawful transfer mechanism (such as standard contractual clauses) where required by applicable law.

8. Contact

For data-protection matters, contact privacy@pamosnik.com.