CinglePoint Trust Center — GDPR & Data Protection
Effective Date: November 11, 2025 — Operated by CinglePoint LLC ("CinglePoint," "we," "us," or "our").
CinglePoint is committed to protecting personal data and supporting our customers' compliance with the EU General Data Protection Regulation (GDPR), the UK GDPR, and other global privacy laws. This page summarizes our program, technical and organizational measures, and customer resources.
Transparency
Clear notices, documented sub-processors, and straightforward data flows.
Security by Default
Encryption in transit, access controls, logging, and least-privilege administration.
Data Subject Rights
Processes to help you respond to access, deletion, and other rights requests.
GDPR Overview
The GDPR is a comprehensive privacy framework that sets out principles for processing personal data of individuals in the EU/EEA (and, via UK GDPR, in the UK). It emphasizes lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability. CinglePoint aligns its policies and controls to these principles.
Scope & Roles
In most cases, CinglePoint acts as a data processor for customer content processed through the CinglePoint platform, and our customers act as data controllers. For our own Website, marketing, and business operations, CinglePoint acts as a controller. Our Privacy Statement explains our controller activities.
- Processor activities: hosting, storing, transmitting, and otherwise processing customer data under a DPA.
- Controller activities: site analytics, lead management, customer communications, billing, and service improvement.
Lawful Bases
As a processor, we process personal data per our customers' documented instructions and lawful bases. As a controller, our typical bases include: contract performance, legitimate interests (balanced against data subject rights), legal obligations, and where applicable, consent. See our Privacy Statement for details.
Data Subject Rights (DSR)
We support customers' responses to data subject requests (access, correction, deletion, restriction, portability, objection, and automated-decision rights where applicable).
- Authenticate the requester's identity and authority.
- Locate relevant data (application logs, records, attachments).
- Act using platform tools and administrative workflows.
- Record request, actions taken, and outcome for audit.
DSR inquiries can be initiated via your CinglePoint admin or by contacting us at support@cinglepoint.com. For controller requests related to CinglePoint's own operations, see our Privacy Statement.
International Transfers
Where personal data is transferred outside the EEA/UK/Switzerland, we implement appropriate safeguards (e.g., EU Standard Contractual Clauses, UK addendum/IDTA, and supplementary measures). We also conduct transfer risk assessments where required and monitor regulatory updates.
Sub-processors
We maintain a list of authorized sub-processors who support delivery of the CinglePoint platform (e.g., infrastructure, email delivery, analytics strictly for service operations). We perform diligence and bind them by data protection terms.
- Contractual commitments (confidentiality, security, privacy requirements)
- Scope limitation and documented instructions
- Risk-based onboarding and periodic reviews
See: Current Sub-processor List (subscribe for change notifications).
Security & Compliance
CinglePoint employs layered safeguards to protect personal data. Controls include, as applicable:
- Encryption in transit (TLS)
- Role-based access & least privilege
- Multi-factor admin access
- Segregated environments
- Logging & audit trails
- Secure SDLC & change management
- Vulnerability management
- Business continuity & backups
- Vendor risk management
- Security awareness training
We can provide additional details (e.g., security overview, SIG/CAIQ responses) upon request: support@cinglepoint.com.
Data Retention
We retain personal data for as long as necessary to deliver the services, comply with legal obligations, resolve disputes, and enforce agreements. Customers may configure retention where available in product settings. Backups are held for limited, defined periods and then securely disposed of.
Privacy by Design & Default
We embed privacy and security reviews into product planning, follow data minimization practices, and limit access to personal data to personnel with a legitimate need. Data protection impact assessments (DPIAs) are supported where required.
Incident Response
We maintain an incident response plan that includes detection, triage, containment, remediation, and communication steps. In the event of a personal data breach affecting customers, we will notify impacted customers without undue delay in accordance with our contractual obligations.
Cookies
We use cookies and similar technologies for required functionality, performance, and (where permitted) advertising/analytics. Manage preferences in our Cookies Preference Center. See the full Cookies Policy.
Children
CinglePoint does not knowingly collect personal data from children under 16 for its services or website. If you believe a child has provided personal data, contact support@cinglepoint.com so we can take appropriate action.
Documents & Resources
Data Processing Addendum (DPA)
Standard terms for processing personal data on your behalf.
Download DPA (PDF)FAQs
Contact & DPO
Questions, requests, or privacy concerns:
CinglePoint — Privacy
Email: support@cinglepoint.com
Data Controller: CinglePoint LLC.