Terms of Service, Privacy Policy & Data Processing

DigitalRealtyX, LLC d/b/a DRXCRM
Last Updated: February 19, 2026

1. Agreement and Acceptance

These Terms of Service (“Terms” or “Agreement”) govern access to and use of the DRXCRM platform, including any websites, applications, dashboards, software, messaging tools, automation systems, pop-up and form tools, APIs, integrations, content tools, support services, and related features (collectively, the “Services”) provided by DigitalRealtyX, LLC d/b/a DRXCRM (“DRXCRM,” “Company,” “we,” “us,” or “our”).

By registering for, accessing, or using the Services, you (“Customer,” “you,” or “your”) agree to be bound by these Terms. If you are accepting these Terms on behalf of a legal entity, you represent and warrant that you have authority to bind that entity.

If you do not agree, do not use the Services.

2. Order Forms and Precedence

If Customer executes an order form, statement of work, subscription agreement, or other written commercial document referencing these Terms (each an “Order Form”), the Order Form will control only with respect to commercial terms (fees, subscription term, plan tier, usage limits, and similar items). These Terms control for all other matters unless the Order Form expressly overrides a specific section by name.

3. Definitions

For purposes of these Terms:

“Customer Data” means all data, content, records, files, contact lists, messages, and materials submitted to or processed through the Services by or on behalf of Customer, including End-User Data.

“End User” means any individual interacting with Customer via pop-ups, forms, landing pages, messaging campaigns, or Customer’s websites or properties.

“End-User Data” means personal data or information provided by End Users through Customer’s marketing or operational workflows, including names, emails, phone numbers, IP addresses, preferences, opt-in records, form responses, and message logs.

“Personal Data” has the meaning under applicable privacy laws (including GDPR, where applicable).

“High-Volume Messaging” means messaging usage that meets or exceeds carrier, aggregator, or regulatory thresholds requiring dedicated registration, advanced vetting, dedicated 10DLC, or short code. For reference only, many industry frameworks treat 36,000 messages per month as a common inflection point, but actual thresholds may vary.

“Carrier Requirements” means rules, policies, and technical requirements imposed by mobile carriers, aggregators, and industry registries (including The Campaign Registry (TCR) and 10DLC frameworks), as updated from time to time.

4. Nature of Services and Role Allocation

DRXCRM provides a technology platform that enables Customers to configure and execute workflows, including marketing and communications. Customer controls and is solely responsible for:

What data is collected

What content is sent

Who receives communications

Whether communications are lawful

Whether consent is valid

Whether disclosures are presented

Whether opt-out mechanisms exist and function

Whether Customer complies with privacy and messaging laws

DRXCRM is not the advertiser, sender, or initiator of Customer’s communications for purposes of legal compliance unless DRXCRM expressly agrees in a signed writing to perform a defined campaign management service with specified responsibilities.

5. Customer Responsibilities

Customer is solely responsible for:

Compliance with laws: TCPA, CAN-SPAM, FTC advertising rules, state privacy laws, CCPA/CPRA, GDPR (if applicable), and any other applicable law, regulation, or industry standard.

Consent management: obtaining and maintaining valid consent, including prior express written consent for SMS where required.

Disclosure requirements: ensuring forms, pop-ups, landing pages, and opt-in flows include required disclosures, including identifying the sender as Customer.

Recordkeeping: maintaining verifiable consent records and opt-out records.

Consumer rights: responding to consumer data requests where required.

Customer policy links: maintaining and displaying Customer’s own privacy policy and terms on Customer’s properties where required.

List hygiene: ensuring contact lists are lawfully sourced and maintained, and are not purchased or scraped in violation of law or platform rules.

Customer represents and warrants that Customer has all rights and permissions necessary to provide Customer Data to DRXCRM and to direct DRXCRM to process Customer Data.

6. Messaging Specific Terms (SMS, MMS, A2P)

6.1 TCPA and Consent

Customer acknowledges that SMS and MMS communications are regulated and can create significant liability. Customer agrees:

Customer is solely responsible for obtaining legally valid consent, including prior express written consent where required.

Consent must be documented and retained, and must be capable of being produced upon request.

Customer must include compliant opt-out instructions (for example, “Reply STOP to opt out”) in messages where required, and must honor opt-outs promptly.

Customer must identify itself (the Customer brand) in messaging content or disclosures as legally required.

DRXCRM does not provide legal advice regarding TCPA compliance, consent language, or regulatory interpretation.

6.2 Carrier Requirements, Registration, and Deliverability

Customer must comply with all Carrier Requirements, including registration obligations for 10DLC, short codes, sender IDs, and related frameworks. DRXCRM may require Customer to provide business verification information, including EIN and other documentation, to support registration and deliverability.

Customer acknowledges:

Deliverability is not guaranteed.

Carriers may filter, block, throttle, or suspend traffic for any reason.

DRXCRM is not liable for carrier actions, message filtering, or deliverability impacts.

6.3 High-Volume Messaging, Enhanced Duties, and Risk Allocation

If Customer engages in High-Volume Messaging or usage that triggers heightened scrutiny, Customer must:

Use properly registered dedicated messaging routes where required.

Maintain robust consent logs, including timestamp, method, source page, disclosure shown, and any confirmation steps.

Maintain suppression lists and opt-out handling.

Monitor complaint rates, opt-outs, and deliverability metrics.

Immediately remediate any carrier, registry, or aggregator compliance warnings.

Customer acknowledges and agrees that any regulatory claims, class actions, carrier penalties, or enforcement actions arising from Customer’s messaging practices are solely Customer’s responsibility.

6.4 Proof of Consent and Audit Rights

DRXCRM may request evidence of consent and compliance documentation (including opt-in flows, screenshots, logs, and consent capture details). Customer must provide reasonable evidence within a commercially reasonable timeframe.

If Customer fails to provide adequate evidence, DRXCRM may suspend messaging, throttle sending, or terminate messaging functionality, in each case without liability.

6.5 Prohibited Messaging Uses

Customer must not use the Services for:

Unlawful messages, deceptive marketing, or prohibited content.

Harassment, threats, or abusive content.

Messages to numbers without valid consent where required.

Messages in violation of carrier restrictions or registry rules.

Any content involving illegal products or regulated goods in violation of carrier rules.

7. Acceptable Use and Restrictions

Customer must not:

Reverse engineer, decompile, or attempt to derive source code.

Interfere with, disrupt, or bypass security.

Use the Services to distribute malware, spyware, or harmful code.

Access accounts or data without authorization.

Use the Services in a way that violates laws or third-party rights.

DRXCRM may suspend or terminate Services for suspected violations.

8. Customer Data Ownership and License

As between the parties, Customer owns Customer Data. Customer grants DRXCRM a limited, worldwide, non-exclusive right to host, process, transmit, and display Customer Data solely to provide the Services, support, and platform improvements (including troubleshooting, security, and performance).

9. Confidentiality

Each party may receive confidential information from the other. Each party agrees to:

Use confidential information only to perform obligations under these Terms.

Protect confidential information using reasonable care.

Not disclose confidential information except to permitted personnel and contractors bound by confidentiality.

Confidentiality does not apply to information that is publicly available, independently developed, or lawfully obtained without restriction.

10. Fees, Taxes, and Payment

Customer will pay fees as stated in the Order Form or plan terms. Fees are non-refundable except as required by law or expressly provided in writing.

Customer is responsible for all taxes, levies, and duties, excluding DRXCRM’s income taxes.

11. Service Providers and Subcontractors

DRXCRM may use third-party service providers (including hosting, analytics, payment processing, email delivery, and messaging providers) to provide the Services. DRXCRM may replace providers over time.

12. Disclaimers

THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE.” DRXCRM DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE.

DRXCRM DOES NOT WARRANT THAT THE SERVICES WILL BE ERROR-FREE, UNINTERRUPTED, OR THAT ANY PARTICULAR BUSINESS OUTCOME WILL BE ACHIEVED.

13. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

DRXCRM WILL NOT BE LIABLE FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOSS OF PROFITS, REVENUE, DATA, OR GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY.

DRXCRM WILL NOT BE LIABLE FOR (A) CUSTOMER’S COMPLIANCE FAILURES, (B) TCPA CLAIMS, (C) CARRIER FILTERING OR BLOCKING, (D) REGULATORY FINES, OR (E) CLASS ACTION DAMAGES ARISING FROM CUSTOMER’S MESSAGING.

DRXCRM’S TOTAL LIABILITY UNDER THESE TERMS WILL NOT EXCEED THE TOTAL FEES PAID BY CUSTOMER TO DRXCRM IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

14. Indemnification

Customer will indemnify, defend, and hold harmless DRXCRM and its officers, directors, members, employees, agents, affiliates, and contractors from and against any and all claims, actions, demands, investigations, penalties, fines, damages, liabilities, costs, and expenses (including attorneys’ fees) arising out of or related to:

Customer’s marketing content and practices

Customer’s failure to obtain consent or provide required disclosures

TCPA, CAN-SPAM, CCPA/CPRA, GDPR, or other violations

High-volume messaging violations or carrier noncompliance

Customer Data, including alleged unlawful sourcing or use

15. Suspension and Termination

DRXCRM may suspend or terminate access to the Services immediately if:

Customer violates these Terms

Messaging activity creates legal or carrier risk

Customer fails to provide proof of consent upon request

Customer activity threatens platform integrity or other customers

Upon termination, Customer’s right to use the Services ceases. Data export may be available subject to plan terms.

16. Arbitration and Class Action Waiver (Recommended for Maximum Protection)

To the fullest extent permitted by law, any dispute arising out of or relating to these Terms will be resolved by binding arbitration administered by a recognized arbitration provider in Florida. CUSTOMER AND DRXCRM WAIVE THE RIGHT TO A JURY TRIAL AND WAIVE THE RIGHT TO PARTICIPATE IN A CLASS ACTION OR CLASS ARBITRATION.

If this section is not desired, it can be removed, but it is a strong risk reducer.

17. Governing Law and Venue

These Terms are governed by the laws of the State of Florida, without regard to conflict of law rules.

18. Miscellaneous

Assignment, severability, waiver, entire agreement, and amendments apply. DRXCRM may update these Terms by posting an updated version and changing the “Last Updated” date. Material changes may be notified by email or in-product notice.

PRIVACY POLICY

1. Scope and Overview

This Privacy Policy (“Policy”) describes how DRXCRM collects, uses, discloses, and processes

information:

About businesses and individuals who use DRXCRM as Customers

About End Users whose information is processed through Customer-controlled pop-ups, forms, landing pages, messaging, and other workflows

This Policy does not replace Customer’s own privacy policy. Customers are responsible for providing their own privacy disclosures to End Users.

2. Controller and Processor Roles

When Customer uses DRXCRM to collect End-User Data through Customer campaigns:

Customer is the Data Controller (or “Business” under certain laws).

DRXCRM is the Data Processor or Service Provider processing data on Customer’s behalf.

DRXCRM does not determine the purpose or lawful basis for End-User Data collection by Customer.

3. Information DRXCRM Collects and Stores

3.1 Personal Information (Customer Account Data)

When registering, subscribing, or contacting DRXCRM, we may collect:

Name, email, phone number

Company name, address, business information

Login credentials and authentication data

Billing and payment information (processed through Stripe; DRXCRM does not store full card data)

Support communications and account records

3.2 Data, Diagnostic, and Login Information

We may collect:

Customer-provided content stored in the platform (logos, templates, brand settings, workflows, contact lists, messages)

Diagnostics and error logs

Browser, device, and session information

Cookies or local storage data to support login and user experience

3.3 Analytics and Tracking Information

We collect usage data such as:

IP address

Browser type and language

Pages viewed, clicks, time on page

Referring URLs

Platform usage metrics

We may use analytics and advertising vendors (including Google Analytics and AdRoll or similar). Users can manage cookies through browser controls and industry opt-out tools.

3.4 End-User Data Processed on Behalf of Customers

DRXCRM may process End-User Data at Customer direction, including:

Names, email addresses, phone numbers

Form submissions and answers

Opt-in status and consent-related metadata

Message logs and delivery status

IP address and device identifiers

Interaction events (opens, clicks, page triggers) depending on configuration

DRXCRM does not sell End-User Data.

4. How DRXCRM Uses Information

We use information to:

Provide and operate the Services

Authenticate users and prevent fraud

Provide customer support

Improve platform performance and features

Monitor and secure the platform

Process payments (through Stripe)

Comply with legal obligations

Conduct internal analytics and reporting

End-User Data is processed solely on behalf of Customer and under Customer’s instructions.

5. Disclosures and Sharing

We may share information:

With service providers (hosting, storage, payment processing, analytics, messaging delivery, email delivery) under contractual obligations

If required by law or valid legal process

To protect rights, security, or investigate fraud

In connection with business transfers (merger, acquisition, asset sale)

DRXCRM does not sell personal information.

6. Cookies and Similar Technologies

We use cookies and similar technologies for:

Authentication and session management

Analytics and performance

Feature functionality and preferences

Advertising measurement and retargeting where enabled

Customer is responsible for presenting cookie consent banners and disclosures on Customer websites where required.

7. Data Retention

We retain Customer account data while the account is active and as needed for legitimate business purposes. End-User Data is retained based on Customer instructions, subscription status, and operational requirements. Backups may persist for limited periods.

8. Security

We maintain commercially reasonable administrative, technical, and organizational security measures. No system is completely secure. Customer is responsible for securing Customer credentials and access controls.

9. Consumer Rights (CCPA/CPRA, GDPR, and Similar Laws)

Depending on jurisdiction, individuals may have rights to access, delete, correct, or restrict processing.

Because Customer is the controller for End-User Data, End Users should direct requests to the relevant Customer. DRXCRM will assist Customers as required under applicable law and contract.

10. International Transfers

Data may be processed in the United States and other jurisdictions. If GDPR applies, transfer mechanisms may be implemented in the DPA.

11. Children

The Services are not intended for children under 13, and Customer must not knowingly collect information from children in violation of applicable law.

12. Changes to this Policy

We may update this Policy by posting an updated version and updating the “Last Updated” date. Material changes may be communicated via email or within the platform.

13. Contact

Questions: [email protected]
DigitalRealtyX, LLC

DATA PROCESSING ADDENDUM (DPA)

This Data Processing Addendum (“DPA”) forms part of the Terms of Service and governs DRXCRM’s processing of Personal Data on behalf of Customer where privacy laws require a processor agreement (including GDPR where applicable).

1. Roles

Customer is the Controller. DRXCRM is the Processor (or Service Provider under certain US state laws) with respect to End-User Data.

2. Scope and Instructions

DRXCRM will process Personal Data only:

To provide the Services

On documented instructions from Customer

As necessary to support security, integrity, and support functions

3. Categories of Data and Data Subjects

Data subjects: Customer End Users and Customer personnel.
Data categories may include: contact data, identifiers, device and usage data, message logs, opt-in metadata, and form submission content.

4. Confidentiality

DRXCRM will ensure personnel authorized to process Personal Data are bound by confidentiality obligations.

5. Security Measures

DRXCRM will implement appropriate technical and organizational measures designed to protect Personal Data. Specific measures may be documented in a security appendix or provided upon request subject to confidentiality.

6. Subprocessors

Customer authorizes DRXCRM to use subprocessors for hosting, analytics, payment processing, and messaging delivery. DRXCRM will impose data protection obligations on subprocessors consistent with this DPA.

7. Assistance with Data Subject Requests

DRXCRM will assist Customer, to the extent required by law, with responding to data subject requests, considering the nature of processing and available technical measures.

8. Breach Notification

DRXCRM will notify Customer without undue delay after becoming aware of a confirmed personal data breach involving Customer Personal Data, and will provide information reasonably necessary for Customer to comply with breach notification obligations.

9. Audits

Customer may request reasonable information to confirm DRXCRM’s compliance with this DPA. If Customer requests an audit, it must be:

No more than once annually unless a breach occurs

Conducted during business hours

Subject to reasonable confidentiality and security restrictions

Not disruptive to DRXCRM operations

10. High-Volume Messaging Safeguards and Compliance Documentation

If Customer uses High-Volume Messaging:

Customer remains solely responsible for lawful consent, disclosures, and opt-out compliance.

DRXCRM may require Customer to provide consent records, registration evidence, opt-in flow screenshots, and compliance documentation.

DRXCRM may suspend messaging if documentation is insufficient or carrier risk arises.

DRXCRM acts solely as transmission and automation infrastructure under Customer’s control.

11. Return or Deletion

Upon termination, DRXCRM will delete or return Customer Personal Data upon request, subject to reasonable backup retention and legal obligations.

12. Cross-Border Transfers (If GDPR Applies)

If required, the parties may implement appropriate transfer mechanisms, including standard contractual clauses, as an appendix.

13. Liability

Liability under this DPA is subject to the limitations of liability in the Terms of Service.