Last updated: May 7, 2026
Need a signed DPA?
Email hello@cadento.co with your company details and we'll send you a countersigned copy within 2 business days.
In this Data Processing Agreement ("DPA"):
This DPA applies to the processing of Personal Data by Cadento in connection with the Cadento service, including data synced from your Klaviyo account.
Cadento acts as a Processor. You (the Customer) act as the Controller. You determine what data to sync and how to use the Cadento service. Cadento processes that data only on your instructions and in accordance with this DPA.
When you connect Klaviyo, Cadento may process:
Cadento does NOT process:
Our OAuth scopes are read-only:
accounts:read campaigns:read templates:readfile_content:readCadento will process Personal Data only on your documented instructions, which include:
If we believe an instruction violates Data Protection Laws, we will inform you and may refuse to carry out that instruction.
Cadento implements appropriate technical and organizational measures to protect Personal Data, including:
Cadento engages the following sub-processors to provide the service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Vercel Inc. | Application hosting | United States |
| Neon (Neon, Inc.) | Database hosting | United States (AWS) |
| ScreenshotOne | Email screenshot generation | Europe |
| Klaviyo, Inc. | Source of campaign data | United States |
| Figma, Inc. | Design file screenshots | United States |
Notice of changes: If we add a new sub-processor, we will update this list and notify you at least 30 days in advance. You may object to the new sub-processor by emailing hello@cadento.co within 30 days. If we cannot accommodate your objection, you may terminate your account and we will refund any prepaid fees.
If you receive a request from a data subject (e.g., someone who received an email from you) to exercise their rights under Data Protection Laws (access, deletion, portability, etc.), you are responsible for responding.
Cadento will assist you to the extent reasonably necessary by:
Note: Since Cadento does not store individual recipient data, most data subject requests should be directed to Klaviyo, where the underlying customer lists are stored.
If Cadento becomes aware of a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data ("Data Breach"), we will:
Upon reasonable written request and with at least 30 days' notice, you may audit Cadento's compliance with this DPA, subject to:
Alternatively, we may provide you with a recent SOC 2 or ISO 27001 audit report from our sub-processors in lieu of a direct audit.
All data is stored in the United States. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the transfer of Personal Data to the U.S. is governed by:
If you require a signed copy of the SCCs, email hello@cadento.co.
Each party's liability under this DPA is subject to the limitations of liability set forth in our Terms of Service.
To the extent permitted by law, Cadento's total liability for any claims arising from or related to this DPA shall not exceed the amount you paid us in the twelve (12) months prior to the event giving rise to the claim.
This DPA takes effect when you create a Cadento account and remains in effect until:
Upon termination, Cadento will delete or return all Personal Data within 30 days, unless legally required to retain it.
This DPA is governed by the same law as our Terms of Service. In the event of a conflict between this DPA and our Terms of Service, this DPA shall prevail with respect to data processing matters.
Questions about this DPA or need a signed copy? Contact us:
Email: hello@cadento.co