Annex 2 - Description of Processing

Last updated: 2026-01-30

ANNEX 2 – DESCRIPTION OF PROCESSING

────────────────────────────────────────

(a) Nature & Purpose: Hosting, storage, retrieval, transmission, display, indexing, backup, analytics, marketing automation, chat/communications, AI inference (optional) – strictly to provide the Service.

(b) Categories of Data Subjects: Customer’s own customers, leads, prospects, website/app visitors, employees (where Customer adds internal contacts), any natural persons whose data Customer uploads.

(c) Types of Personal Information (non-exhaustive):

• Identity & contact: name, email, phone, company, address, social-media URL;
• Communications: chat transcripts, emails, attachments;
• Behavioural & technical: IP address, device ID, cookie IDs, pages visited, events, Hotjar session data;
• Marketing engagement: opens, clicks, unsubscribes, UTM parameters;
• Optional: transaction data, subscription status, credit usage;

(d) Retention: See section 4.7 & 11 of Privacy Policy; or as otherwise instructed in writing by Customer.

(e) Sub-processors & locations: https://saasfirst.com/subprocessors (updated from time to time).