Last Updated: January 8, 2026
This Data Processing Agreement (the “Agreement”) supplements the Terms of Service available at **https://sendsure.ai/terms-of-service/** (the “Terms”) concluded between the Client and SendSure (Client and SendSure hereinafter collectively the “Parties” or individually a “Party”).
By accepting the Terms, the Client enters into this Agreement on behalf of itself and, to the extent applicable, in the name and on behalf of its Authorized Affiliates. For the purposes of this Agreement only, and except where indicated otherwise, the term “Client” shall include Client and Client’s Authorized Affiliates.
In this Agreement, the following definitions shall apply:
“Authorized Affiliates” means any of Client’s Affiliate(s) which (i) is subject to the Data Protection Laws, and (ii) is permitted to use the Services pursuant to the Terms between Client and SendSure but has not entered into its own Terms with SendSure.
“Client” and “Controller” means the entity that has entered into the Terms with SendSure.
“Client Data” and “Personal Data” shall mean the personal data submitted by the Client to the Services and processed on behalf of the Client by SendSure as a Processor, as further specified in Section 4 of this Agreement.
“Data Protection Laws” means applicable privacy, security and personal information protection laws and regulations applicable to the Client and/or SendSure, including, but not limited to, the European General Data Protection Regulation (EU 2016/679) (the “GDPR”); European national laws implementing derogations, exceptions or other aspects of the GDPR; Personal Information Protection and Electronic Documents Act (Canada) (the “PIPEDA”); the California Consumer Privacy Act of 2018, as amended from time to time (the “CCPA”); California Privacy Rights Act of 2020 (the “CPRA”) as well as the GDPR, as transposed into United Kingdom national law by operation of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (as amended or replaced from time to time) (the “UK GDPR”); Federal Act on Data Protection of 1992, as amended (Switzerland) (the “FADP”).
“Data Privacy Framework” shall mean the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. Data Privacy Framework.
“Data Privacy Framework Principles” shall mean the principles applicable to the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework, and which present a set of requirements governing the participating organizations’ use and treatment of personal data received from the EU, UK or Switzerland, as applicable.
“Data Subject” shall have the meaning of “data subject” as defined in Art. 4(1) of the GDPR.
“SendSure” and “Processor” shall mean AI Brain Labs, Inc., a Delaware C Corporation registered in the United States and headquartered at 800 N King Street Suite 304 -1780 Wilmington, DE, 19801 US.
“EU” shall mean the European Union.
“EU-U.S. Data Privacy Framework” shall mean the EU-U.S. data transfer mechanism developed by the U.S. Department of Commerce which was recognized by the European Commission Implementing Decision of 10 July 2023 to provide an adequate level of protection of personal data pursuant to the GDPR.
“Services” shall mean the services provided by SendSure pursuant to the Terms, including in particular the provision of email verification service ‘SendSure’ available at https://sendsure.ai.
“Swiss-U.S. Data Privacy Framework” shall mean the Swiss-U.S. data transfer mechanism to be recognized by the Swiss Federal Administration’s adequacy decision under the FADP.
“Third Country” shall mean any country outside the EU not recognized by the European Commission as providing an adequate level of protection for Personal Data.
“UK Extension to the EU-U.S. Data Privacy Framework” shall mean the UK-U.S. data transfer mechanism which was recognized by the UK Government decision effective as of 12 October 2023 to provide an adequate level of protection of personal data pursuant to the UK GDPR.
The terms “Data Subject”, “Sub-Processor”, “Processing”, and “Personal Data Breach”, and where applicable “Business”, “Commercial Purpose”, “Consumer”, “Personal Information”, “Service Provider”, “Sell” and “Verifiable Consumer Request”, unless specifically defined otherwise herein, shall bear the respective meanings given to them in the applicable Data Protection Laws. With respect to any Personal Data subject to the CCPA, the Parties acknowledge that the Client is a “Business” and SendSure is a “Service Provider” as those terms are defined in the CCPA.