MeasurelyMeasurely
Get started

Last updated: March 2026

Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the agreement between you ("Controller") and Measurely ("Processor") for the use of the Measurely platform ("Service"). It sets out how we process personal data on your behalf in accordance with applicable data protection law, including the UK GDPR and EU GDPR where applicable.

By using the Service you agree to the terms of this DPA.

1. Definitions

  • Controller — the entity that determines the purposes and means of processing personal data (you, the Measurely customer).
  • Processor — the entity that processes personal data on behalf of the Controller (Measurely).
  • Personal Data — any information relating to an identified or identifiable natural person, as defined under applicable data protection law.
  • Processing — any operation performed on personal data, including collection, storage, use, and deletion.
  • Sub-processor — any third party engaged by the Processor to process personal data on behalf of the Controller.

2. Scope and nature of processing

Measurely processes personal data solely to provide the Service as described in our Privacy Policy and your subscription agreement. The categories of personal data processed may include:

  • Email addresses of account users and report recipients
  • Google Ads account data including campaign performance metrics (this data does not typically include end-user personal data, but may do so depending on your account configuration)
  • Session identifiers and authentication tokens

Processing takes place for the duration of your active subscription and for up to 30 days after termination, after which data is deleted.

3. Controller obligations

As Controller, you agree to:

  • Ensure you have a lawful basis for sharing personal data with Measurely and for the processing carried out under this DPA
  • Ensure you have obtained any necessary consents from your clients before connecting their Google Ads accounts to the Service
  • Comply with all applicable data protection laws in connection with your use of the Service
  • Notify Measurely promptly of any instruction that would cause us to breach applicable data protection law

4. Processor obligations

As Processor, Measurely agrees to:

  • Process personal data only on your documented instructions and not for any other purpose
  • Ensure that all personnel with access to personal data are bound by appropriate confidentiality obligations
  • Implement appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, or destruction, including AES-256 encryption of stored credentials and TLS for all data in transit
  • Assist you, where possible and reasonable, in fulfilling your obligations to respond to data subject requests (access, erasure, portability, etc.)
  • Notify you without undue delay — and in any event within 72 hours of becoming aware — of any personal data breach that affects your data
  • Delete or return all personal data upon termination of the Service, as described in our Privacy Policy
  • Make available to you all information reasonably necessary to demonstrate compliance with this DPA upon written request

5. Sub-processors

You provide general written authorisation for Measurely to engage sub-processors. Our current sub-processors are:

  • Vercel Inc. — application hosting (United States)
  • MongoDB Atlas — account and configuration data storage
  • ClickHouse Cloud — analytics data storage
  • Stripe Inc. — payment processing (United States)
  • Resend / SMTP provider — transactional email delivery
  • Google LLC — Google Ads API access and Google OAuth

We will notify you of any intended addition or replacement of sub-processors with at least 14 days' notice, giving you the opportunity to object. If you object and we cannot accommodate the objection without material impact on the Service, you may terminate your subscription.

6. International data transfers

Some of our sub-processors are located outside the UK or EEA. Where personal data is transferred to a country without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses or the UK International Data Transfer Agreement as applicable.

7. Data subject rights

If we receive a request directly from a data subject relating to personal data processed on your behalf, we will promptly forward it to you. We will not respond to such requests directly without your authorisation, except where required by law.

8. Audits

You may request an audit of our data processing practices with at least 30 days' written notice, no more than once per year, and at your own cost. Audits must be conducted in a manner that does not disrupt our operations or compromise the security or privacy of other customers.

9. Term and termination

This DPA remains in effect for as long as Measurely processes personal data on your behalf. It will terminate automatically when your subscription ends and all data has been deleted in accordance with our retention policy.

10. Contact

For data protection enquiries or to exercise rights under this DPA, contact us at privacy@measurely.io.