Legal
Last updated: June 11, 2026
This Data Processing Agreement ("DPA") forms part of the agreement between SBHelpGroup LLC ("Processor," "we," "us") and the customer that has agreed to our Terms of Service ("Customer," "Controller," "you") for use of the Straton CRM platform and related services (the "Services"). It governs the processing of personal data that you, as Controller, submit to or generate within the Services. Where this DPA conflicts with the Terms of Service on the subject of data processing, this DPA controls.
As between the parties, Customer is the Controller of Personal Data it submits to the Services, and SBHelpGroup LLC is the Processor. SBHelpGroup LLC will process Personal Data only on the documented instructions of the Customer, including as set out in this DPA and the Terms of Service, unless required to do otherwise by applicable law.
SBHelpGroup LLC processes Personal Data to provide the Services — including contact and lead management, communications (email, SMS, voice/calling), scheduling, pipelines, automations, reporting, billing, and related features — for the duration of the Customer's subscription and as needed to comply with law.
| Data subjects | Customer's contacts, leads, prospects, clients, end customers, and the Customer's own users/agents. |
|---|---|
| Personal Data | Names, email addresses, phone numbers, postal addresses, company details, communication content and history (including call recordings and transcripts where enabled), dispositions, tags, notes, and usage metadata. |
Customer is solely responsible for the lawfulness of the Personal Data it submits and the processing instructions it gives, including: obtaining all necessary consents and providing all required notices to data subjects; honoring opt-outs and do-not-contact requests; and complying with all laws governing its outreach, including the TCPA, CAN-SPAM, state telemarketing and recording-consent laws, and the rules governing calling windows and abandoned calls. The Services provide controls (consent capture, opt-out/DNC handling, calling-window and recording settings) to assist, but the Customer determines how they are used.
SBHelpGroup LLC ensures that persons authorized to process Personal Data are bound by appropriate confidentiality obligations and access Personal Data only as needed to provide the Services.
SBHelpGroup LLC maintains technical and organizational measures appropriate to the risk, including: encryption of data in transit (TLS) and encryption of sensitive credentials at rest; role-based access controls and least-privilege access; tenant isolation so each Customer's data is logically separated; audit logging of administrative actions; regular backups; and monitoring of its infrastructure.
Customer authorizes SBHelpGroup LLC to engage Sub-processors to provide the Services. Current Sub-processors include infrastructure, payment, communications, and AI providers (for example, hosting/SIP and telephony carriers, Stripe for payments, and AI model providers for AI features). SBHelpGroup LLC imposes data-protection obligations on Sub-processors no less protective than those in this DPA and remains responsible for their performance. We will make available a current list of Sub-processors on request and give reasonable notice of material changes.
Taking into account the nature of the processing, SBHelpGroup LLC will provide reasonable assistance — through Service features or otherwise — to enable Customer to respond to data subject requests to access, correct, delete, or port their Personal Data, and to handle objections and opt-outs.
SBHelpGroup LLC will notify Customer without undue delay after becoming aware of a Personal Data breach affecting Customer's Personal Data, and will provide information reasonably available to assist Customer in meeting its own notification obligations.
Upon termination of the Services, SBHelpGroup LLC will, at Customer's choice, delete or make available for export the Personal Data, and will delete existing copies within a commercially reasonable period unless retention is required by law. Routine backups are purged on a rolling schedule.
SBHelpGroup LLC will make available information reasonably necessary to demonstrate compliance with this DPA and will allow for and contribute to reasonable audits, subject to confidentiality and reasonable scheduling, scope, and frequency limits.
The Services are operated from the United States. Where Personal Data is transferred across borders, the parties will rely on a lawful transfer mechanism where one is required by applicable Data Protection Laws.
Each party's liability under this DPA is subject to the limitations and exclusions of liability set out in the Terms of Service. This DPA does not expand either party's aggregate liability beyond what the Terms provide.
This DPA is governed by the laws of the Commonwealth of Pennsylvania and the United States, consistent with the Terms of Service, except where mandatory Data Protection Laws require otherwise.
For data-protection matters, including data subject requests and Sub-processor information, contact: dhanna@sbhelpgroup.com · SBHelpGroup LLC, 25 Wick Avenue, Hermitage, PA 16148.