Terms of Service


Last Updated: 23.05.2025

These Terms of Service ("Terms") form a legally binding agreement between you (either an individual or the entity you represent, "Customer" or "you") and Expanly Oy (Business ID 3506966-5), a company incorporated under the laws of Finland with its registered address at Siltasaarenkatu 12 A, 00530 Helsinki ("Expanly", "we", "our" or "us").


By clicking “Sign up”, creating an account, or otherwise accessing or using the Expanly platform, websites, or related services (collectively, the "Service"), you acknowledge that you have read, understood, and agree to be bound by these Terms of Service, which include and incorporate our Data Processing Agreement (see Appendix 1 below). If you do not agree, you must not use the Service. 


NOTE: These Terms apply to self-service subscriptions completed online without a separately signed contract. If you have executed a master software-service agreement with Expanly, that agreement will govern to the extent of any conflict.



1. Agreement to the Terms

By accessing or using the Service, clicking “Sign up” or executing an Order referencing these Terms, you agree to be bound by this Agreement (defined below). If you are entering into this Agreement on behalf of a company or other legal entity, you represent that you have authority to bind that entity; "Customer", "you" and "your" refer to that entity. If you do not agree, do not access or use the Service.



2. Definitions

"Agreement" means these Terms of Service together with any Order and any policies referenced herein. 


"Content" means data, materials, code, files, and information you (including Users) upload to, or generate in, the Service. 


"Documentation" means Expanly’s user guides, API documentation, or policies made available with the Service. 


"Fees" means all amounts payable by Customer for the Service, as specified in the Order or at checkout. 


"Order" means (a) an online subscription selection, or (b) a written ordering document signed by both parties, that identifies the subscription plan, Fees, and any additional terms. 


"Service" means Expanly’s proprietary software-as-a-service marketing-performance platform and related services. 


"Usage Data" means data generated from operation of the Service (e.g., log data, performance metrics, and analytics). 


"User" means anyone authorised by Customer to access the Service.



3. Account Registration & Eligibility


Customer must provide accurate information when creating an account and keep such information current. Customer is responsible for Users’ compliance with this Agreement. Customer is responsible for maintaining the confidentiality and security of all User credentials and for all activities that occur under such credentials. Customer agrees to notify Expanly immediately of any unauthorized use of its account or credentials or any other breach of security. Customer is responsible for obtaining and maintaining, at its own expense, all hardware, software, and internet connections necessary to access and use the Service, and for ensuring that such systems meet any minimum system requirements specified by Expanly.


4. Licence & Acceptable Use


4.1 Licence grant. Expanly grants Customer a non-exclusive, non-transferable, non-sublicensable right for Users to access and use the Service and Documentation during the Subscription Term, solely for Customer’s internal business purposes and in accordance with the Order and this Agreement. 


4.2 Restrictions. Customer will not (and will not permit anyone else to): (a) reverse engineer, decompile, or otherwise attempt to discover the source code or underlying ideas of the Service; (b) copy, frame, or mirror any part of the Service other than copying or framing on Customer’s own intranets for internal purposes; (c) access the Service to build a competitive product; (d) remove proprietary notices; or (e) use the Service in violation of law or any third-party right.



5. Customer Data; Aggregated & Anonymised Data


5.1 Ownership and licence. Customer retains all rights in Customer Content. Customer hereby grants Expanly a worldwide, royalty-free licence to host, copy, process, transmit, display and otherwise use Customer Content: (i) to provide, maintain and improve the Service; (ii) to develop, train and improve algorithms and machine-learning models; and (iii) in aggregated and de-identified form, to create, publish, and commercialise industry benchmarks, trend reports, white papers, or similar insights, provided that no Customer or individual is identifiable. 


5.2 Usage Data. Expanly owns all right, title, and interest in Usage Data and may use it for any lawful purpose, including to maintain, improve, and market the Service. 


5.3 Security. Expanly will implement industry-standard administrative, physical and technical safeguards designed to protect the security, integrity and confidentiality of Customer Content.



6. Fees, Billing & Payment


Fees and billing frequency are specified in the Order or on the pricing page. Unless otherwise stated: (a) amounts are in euros; (b) taxes, duties and bank charges are Customer’s responsibility; (c) recurring Fees are billed in advance and due immediately via the payment method on file or net-14 days from invoice date if invoicing is authorised; and (d) Expanly may adjust Fees by providing at least 30 days’ written or in-app notice, effective on the next renewal. Late payments accrue interest at 1.5 % per month (or the maximum rate permitted by law, if lower) and may result in suspension of the Service.



7. Services; Changes; Suspension


7.1 Service availability. Expanly will use commercially reasonable efforts to make the Service available 24 × 7, excluding scheduled maintenance. Expanly may modify the Service from time to time, provided such changes do not materially diminish core functionality. 


7.2 Suspension. Expanly may immediately suspend or limit the Service if: (a) necessary to address a security threat, (b) Customer breaches Section 4, (c) Fees are past due, or (d) Customer's use of the Service is determined by Expanly, in its reasonable discretion, to be excessively burdensome, or to pose a threat to the stability, security, or availability of the Service to other users.



8. Confidentiality


8.1 Definition. "Confidential Information" means non-public information disclosed by either party that is marked or should reasonably be considered confidential, including pricing, business plans, technology, and Customer Content.


8.2 Protection. Each party will use the same degree of care it uses to protect its own confidential information (but at least reasonable care) to protect the other party’s Confidential Information, and will not use or disclose such information except as permitted by this Agreement.


8.3 Exclusions & compelled disclosure. Confidential Information does not include information that: (a) is or becomes public through no fault of the recipient; (b) was known to the recipient without confidentiality obligations before receipt; (c) is received from a third party without breach; or (d) is independently developed. A party may disclose Confidential Information when required by law, after giving reasonable notice and cooperating to seek confidential treatment.



9. Publicity & Marketing Rights


Expanly may use Customer’s name, logo, and non-confidential descriptions of the relationship in its marketing materials, website, presentations, and investor communications. Detailed performance metrics will not be published without Customer’s advance written consent.



10. Intellectual Property & Feedback 


Except for the limited rights expressly granted here, Expanly and its licensors retain all rights, title, and interest in and to the Service, including all related intellectual property rights. This includes any and all generalized improvements, new features or functionalities, models, algorithms, or other developments in the Service derived from or developed as a result of processing Customer Content or Usage Data, provided that such developments do not identify the Customer or any individual, nor incorporate Customer Confidential Information in its identifiable form. Customer retains all rights in its Customer Content as specified in Section 5.1. If Customer provides suggestions or feedback, Expanly may use them without restriction or obligation.



11. Warranties & Disclaimers


11.1 Performance warranty. Expanly warrants that the Service will materially conform to the Documentation during the Subscription Term. Customer’s sole remedy for breach of this warranty is for Expanly to use reasonable efforts to correct the non-conformity.


11.2 Disclaimers. Except as expressly provided, the Service is provided “as is” and “as available,” without warranties of any kind, whether express, implied or statutory, including merchantability, fitness for a particular purpose, and non-infringement. Expanly does not warrant that the Service will be uninterrupted, error-free, or that results obtained from its use will be accurate or reliable.



12. Indemnities


12.1 Expanly indemnity. Expanly will defend Customer against third-party claims alleging that the Service infringes a valid patent, copyright, or trademark, and will pay resulting damages and costs finally awarded, provided Customer promptly notifies Expanly and cooperates. Expanly may modify or replace the Service to avoid infringement or terminate the Agreement and refund unused prepaid Fees.


12.2 Customer indemnity. Customer will defend Expanly against claims arising from (a) Customer Content, including allegations it infringes third-party rights or violates law; (b) Customer’s breach of Section 4; or (c) use of the Service in violation of law, and will pay resulting damages and costs.


12.3 Exclusions. The Expanly indemnity does not apply to claims resulting from (i) Customer’s modification of the Service, (ii) use in combination with items not provided by Expanly, or (iii) Customer’s breach of this Agreement.



13. Limitation of Liability


13.1 Cap. Expanly’s aggregate liability arising out of or related to this Agreement will not exceed the fees paid or payable by Customer to Expanly in the twelve (12) months immediately preceding the first event giving rise to liability.


13.2 Exclusion of consequential damages. In no event will either party be liable for indirect, incidental, special, consequential or punitive damages, or loss of profits, revenue, data, or business, even if advised of the possibility.


13.3 Exceptions. The limitations above do not apply to (i) a party’s indemnification obligations; (ii) breach of confidentiality; or (iii) a party’s wilful misconduct or fraud.



14. Term & Termination


14.1 Term. The Agreement begins on the Effective Date and continues for the initial Subscription Term stated in the Order. Subscriptions renew automatically for successive terms of equal length unless either party gives notice of non-renewal at least 10 days before the renewal date.


14.2 Termination for cause. Either party may terminate the Agreement (a) upon 30 days’ written notice if the other party materially breaches and fails to cure, or (b) immediately if the other party becomes insolvent or enters bankruptcy.


14.3 Effect of termination. Upon termination, Customer’s licence ends and Customer must cease use of the Service. Within 60 days of termination, Expanly will delete Customer Content from production systems, except to the extent retention is required by law or necessary for legitimate business purposes in anonymised form.



15. Data Return & Export Tools


For 30 days after termination (the “Retrieval Period”) Customer may export Customer Content using the Service’s self-service tools at no charge. After the Retrieval Period, Expanly has no obligation to retain Customer Content.



16. Data Protection


Expanly is committed to processing personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (GDPR). Customer is responsible for ensuring that any Customer Content it provides to Expanly, including any personal data therein, complies with all applicable legal and regulatory requirements, including data protection laws. Customer warrants that it has obtained all necessary consents and has all necessary rights to provide such personal data to Expanly for processing in connection with the Service. The parties agree to enter into a separate Data Processing Agreement (DPA) if required by applicable law or upon reasonable request.



17. Use of Subcontractors

Expanly may use subcontractors or other third-party providers to perform its obligations under this Agreement, including the provision of the Service or parts thereof. Expanly will remain responsible for the performance of its subcontractors and their compliance with Expanly's obligations under this Agreement.



18. Force Majeure

Neither party shall be liable for any failure or delay in performing its obligations hereunder (other than payment obligations) if such failure or delay is caused by a Force Majeure Event. A "Force Majeure Event" means any event beyond a party's reasonable control, which by its nature could not have been foreseen, or, if it could have been foreseen, was unavoidable, including strikes, lock-outs or other industrial disputes (whether involving its own workforce or a third party's), failure of energy sources or transport network, acts of God, war, terrorism, riot, civil commotion, interference by civil or military authorities, national or regional calamity, armed conflict, malicious damage, breakdown of plant or machinery, nuclear, chemical or biological contamination, sonic boom, explosions, collapse of building structures, fires, floods, storms, earthquakes, loss at sea, epidemics or similar events, natural disasters or extreme adverse weather conditions, or default of suppliers or subcontractors due to any of the foregoing. The affected party will notify the other party as soon as reasonably practicable and will use reasonable efforts to mitigate the effects of the Force Majeure Event.



19. Modifications to the Terms


Expanly may update these Terms from time to time. Updated Terms become effective 30 days after posting or notice to Customer. If the change materially diminishes Customer’s rights and Customer objects before the effective date, Customer may terminate the Agreement for convenience, and Expanly will refund any unused prepaid Fees for the terminated portion of the Subscription Term.



20. Compliance & Export


Customer will comply with all applicable laws, including export control, sanctions, and anti-bribery laws. The Service is controlled and operated from facilities in the European Union and may be subject to EU export laws.



21. Governing Law & Dispute Resolution


This Agreement is governed by the laws of Finland, excluding its conflict-of-laws rules. Any dispute arising out of or related to this Agreement will be finally settled by the competent courts of Finland, except that either party may seek injunctive relief in any jurisdiction.



22. Miscellaneous


The parties are independent contractors. Neither party may assign this Agreement without the other party’s prior written consent, except that Expanly may assign to an affiliate or in connection with a merger, acquisition or sale of assets. If any provision is held unenforceable, it will be modified to the minimum extent necessary to make it enforceable, and the remaining provisions will remain in effect. This Agreement constitutes the entire agreement between the parties relating to its subject matter and supersedes all prior or contemporaneous agreements, proposals, or communications.


Questions? Contact us at contact@expanly.com


© Expanly Oy 2025. All rights reserved.



Appendix 1


Data Processing Agreement


1. Parties and Roles


1.1. This Data Processing Agreement ("DPA") forms an appendix to and is an integral part of the Terms of Service ("TOS" or "Principal Agreement") entered into between you, the user of our Services (the "Customer," also referred to as "you" or "User" in the TOS, hereinafter referred to as the "Controller" for the purposes of this DPA), and Expanly, a limited liability company (Osakeyhtiö) with its principal place of business at Siltasaarenkatu 12 A, 00530 Helsinki (hereinafter referred to as "Expanly," "we," "us," "our," or the "Processor" for the purposes of this DPA).


1.2. The terms of this DPA shall govern the processing of Personal Data by the Processor on behalf of the Controller in connection with the provision of the Services outlined in the TOS.


1.3. Definitions:

  • "Controller," "Processor," "Data Subject," "Personal Data," "Personal Data Breach," "Processing," and "Supervisory Authority" shall have the meanings ascribed to them in the GDPR.

  • "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

  • "Services" means the services to be provided by the Processor to the Controller as defined in the Principal Agreement.

  • "Sub-processor" means any third party engaged by the Processor to Process Personal Data on behalf of the Controller.

  • The terms of this DPA shall prevail over any conflicting terms in the Principal Agreement regarding the Processing of Personal Data.



2. Subject Matter, Duration, Nature, and Purpose of Processing


2.1. Subject Matter: The subject matter of the Processing is the Personal Data provided or made available by the Controller to the Processor for the provision of the Services.


2.2. Duration: The duration of the Processing shall be for the term of the Principal Agreement and as long as the Processor Processes Personal Data on behalf of the Controller, unless terminated earlier in accordance with this DPA or the Principal Agreement, or as required by applicable law.


2.3. Nature of Processing: The nature of the Processing includes collection, storage, analysis and transmission as necessary to provide the Services.


2.4. Purpose of Processing: The purpose of the Processing is to enable the Controller to utilize the Services, which includes, but is not limited to:

  • Analyzing marketing campaign performance

  • Generating insights and recommendations for advertising and promotional strategies

  • Evaluating customer engagement and conversion data

  • Identifying high-performing products or audiences

  • Assisting with segmentation and targeting decisions

  • Enabling the use of machine learning models for predictive marketing analytics

  • Integrating business data (such as profit margins, inventory levels, seasonality, and ERP information) to align advertising campaigns with the Controller's business objectives.

  • Automating the execution of custom business rules across advertising platforms, thereby reducing manual intervention and potential errors.

  • Enabling proactive optimization by automatically adapting to changes in stock levels, margins, seasonality, and competitor actions in real-time.

  • Driving predictable and profitable growth by building a scalable, data-driven advertising engine aligned with the Controller's bottom line.

All processing activities will be conducted in accordance with the Controller's documented instructions and solely for the purposes outlined above, ensuring alignment with the Controller's legitimate interests in optimizing advertising performance and return on investment.



3. Types of Personal Data and Categories of Data Subjects


3.1. Types of Personal Data: The types of Personal Data Processed may include, but are not limited to:

  • Customer and User Identifiers: Names (first and last), Email addresses, User/customer IDs, IP addresses, Device identifiers.

  • Contact and Profile Information: Phone numbers, Geographic location (e.g., shipping or billing addresses, city, country).

  • Behavioral and Usage Data: Website and app usage data (page views, clicks, session duration, bounce rates), Product interaction data (e.g., views, carts, purchases, returns), Ad interaction data (e.g., impressions, clicks, conversions, attribution paths).

  • Marketing and Advertising Data: Engagement data with email campaigns or ads, Custom audiences or segments, Preferences or inferred interests (e.g., based on behavior or segmentation rules).

  • Technical and System Data: Browser type and version, Operating system and platform, Timestamped logs and diagnostics.

Expanly does not process sensitive personal data (e.g., racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data) unless explicitly instructed and authorized by the Controller in compliance with applicable law.


3.2. Categories of Data Subjects: The categories of Data Subjects whose Personal Data may be Processed include, but are not limited to:

  • Customers and Prospective Customers of the Controller: Individuals who have interacted with the Controller’s website, ecommerce platform, or marketing campaigns (e.g., site visitors, leads, and purchasers).

  • End-users of the Controller’s Services: Individuals who use or interact with the Controller’s digital properties (e.g., web or app users whose behavior and engagement data is collected for marketing and optimization purposes).

  • Employees or Marketing Team Members of the Controller: Individuals whose data may be processed to enable account access, user activity tracking, or to execute rule-based ad automation set by team members (e.g., email addresses, usernames, audit logs).

  • Audience Segments or Third-party Leads: Individuals included in custom audience segments or remarketing lists managed through advertising platforms, provided by or on behalf of the Controller.



4. Obligations of the Processor


4.1. Instructions: The Processor shall Process Personal Data only on documented instructions from the Controller, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by Union or Member State law to which the Processor is subject. In such a case, the Processor shall inform the Controller of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest. The Controller's instructions are initially set out in this DPA and the Principal Agreement. The Controller may provide further instructions during the term of this DPA.


4.2. Confidentiality: The Processor shall ensure that persons authorized to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.


4.3. Security of Processing: Taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

  (a) the pseudonymization and encryption of Personal Data;

  (b) the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;

  (c) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;

  (d) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing.


4.4. Sub-processing:

  (a) The Processor shall not engage another Processor (Sub-processor) without prior specific or general written authorization of the Controller.

  (b) In the case of general written authorization, the Processor shall inform the Controller of any intended changes concerning the addition or replacement of other Sub-processors, thereby giving the Controller the opportunity to object to such changes within 30 days.

  (c) Where the Processor engages a Sub-processor for carrying out specific Processing activities on behalf of the Controller, the same data protection obligations as set out in this DPA shall be imposed on that Sub-processor by way of a contract or other legal act under Union or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the Processing will meet the requirements of the GDPR.

  (d) The Processor shall remain fully liable to the Controller for the performance of that Sub-processor's obligations.

  (e) A current list of Sub-processors is available in Annex 1 to this DPA and may be updated from time to time. The Processor shall inform the Controller of any intended changes concerning the addition or replacement of other Sub-processors as per clause 4.4(b).


4.5. Data Subject Rights: Taking into account the nature of the Processing, the Processor shall assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's rights laid down in Chapter III of the GDPR (e.g., right of access, rectification, erasure, restriction of processing, data portability, objection). The Processor shall promptly notify the Controller if it receives a request from a Data Subject under any Data Protection Law in respect of Personal Data, and shall not respond to that request except on the documented instructions of the Controller or as required by applicable laws to which the Processor is subject, in which case the Processor shall to the extent permitted by applicable laws inform the Controller of that legal requirement before the Processor responds to the request.


4.6. Assistance to the Controller: The Processor shall assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR (Security of processing, Notification of a personal data breach to the supervisory authority, Communication of a personal data breach to the data subject, Data protection impact assessment, and Prior consultation), taking into account the nature of Processing and the information available to the Processor. This includes:

  (a) Notifying the Controller without undue delay after becoming aware of a Personal Data Breach. Such notification shall, as a minimum:

    (i) describe the nature of the Personal Data Breach including where possible, the categories and approximate number of Data Subjects concerned and the categories and approximate number of Personal Data records concerned;

    (ii) communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;

    (iii) describe the likely consequences of the Personal Data Breach;

    (iv) describe the measures taken or proposed to be taken by the Processor to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.

  Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.

  (b) Providing reasonable assistance to the Controller with any data protection impact assessments and prior consultations with Supervisory Authorities or other competent data privacy authorities, which the Controller reasonably considers to be required by Articles 35 or 36 of the GDPR, in each case solely in relation to Processing of Personal Data by, and taking into account the nature of the Processing and information available to, the Processor.


4.7. Return or Deletion of Personal Data: At the choice of the Controller, the Processor shall delete or return all the Personal Data to the Controller after the end of the provision of Services relating to Processing, and shall delete existing copies unless Union or Member State law requires storage of the Personal Data. The Processor shall certify to the Controller that it has done so upon request.


4.8. Audits and Inspections: The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this Article 28 and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller. Audits shall be conducted no more than once annually, with 30 days prior written notice, and each party shall bear its own costs. Where possible, the Controller agrees to exercise its audit rights by requesting and reviewing Expanly’s third-party audit reports and certifications before initiating any on-site audit. The Processor shall immediately inform the Controller if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions.



5. Obligations of the Controller


5.1. The Controller warrants that it has complied, and will continue to comply, with all applicable data protection laws, including the GDPR, in respect to its Processing of Personal Data and any Processing instructions it issues to the Processor.


5.2. The Controller shall ensure that it has a lawful basis for the Processing of Personal Data by the Processor in accordance with this DPA.


5.3. The Controller shall be responsible for providing all necessary privacy notices to Data Subjects and, where required, obtaining any necessary consents from Data Subjects for the Processing of their Personal Data by the Processor.



6. International Transfers of Personal Data


6.1. Any transfer of Personal Data to a third country or an international organization by the Processor shall only occur on the basis of documented instructions from the Controller and shall comply with Chapter V of the GDPR.


6.2. Where Personal Data is transferred from the European Economic Area (EEA) to a country outside the EEA that is not recognized by the European Commission as providing an adequate level of data protection, the Parties agree to implement appropriate safeguards as required by the GDPR, such as the Standard Contractual Clauses (SCCs) as approved by the European Commission. The Parties agree to execute any further documentation necessary to give effect to such safeguards.



7. Liability and Indemnity


7.1. The liability of each Party under this DPA shall be subject to the limitations and exclusions of liability set out in the Principal Agreement.


7.2. The Processor shall be liable for the damage caused by Processing only where it has not complied with obligations of the GDPR specifically directed to Processors or where it has acted outside or contrary to lawful instructions of the Controller.


7.3. The Controller shall be liable for the damage caused by Processing where it has not complied with its obligations under the GDPR.


7.4. Any indemnification obligations related to data protection are set out in the Principal Agreement.



8. Term and Termination


8.1. This DPA shall become effective on the date of the last signature affixed below by the Parties and shall remain in effect for as long as the Processor Processes Personal Data on behalf of the Controller under the Principal Agreement.


8.2. Termination of this DPA shall not affect any rights or obligations of the Parties which have accrued prior to termination.


8.3. The provisions of this DPA which by their nature are intended to survive termination (including, without limitation, obligations regarding confidentiality, return or deletion of data, and liability) shall remain in effect.



9. Governing Law and Jurisdiction


9.1. This DPA and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of Finland.


9.2. The Parties irrevocably agree that the courts of Helsinki, Finland shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this DPA or its subject matter or formation.



10. Miscellaneous


10.1. Notices: Any notices required or permitted to be given under this DPA shall be in writing and shall be delivered to the contact details provided by the Parties during account registration or as otherwise specified in the Principal Agreement (TOS), or to such other address as may be designated by a Party in writing.


10.2. Severability: If any provision of this DPA is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable, or illegal, the other provisions shall remain in force.


10.3. Entire Agreement: This DPA, together with the Principal Agreement and any Annexes, constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning its subject matter.


10.4. Amendments: No amendment or modification of this DPA shall be effective unless it is in writing and signed by authorized representatives of both Parties.





Annex 1: Sub-processors


Expanly uses the following Sub-processors to provide the Services. This list may be updated from time to time in accordance with the terms of this DPA.

  • Google Cloud Platform: Hosting infrastructure

  • Firebase: Authentication, storage, analytics

  • Google Analytics / Firebase analytics: Usage analytics

  • Slack: Receives contact and signup form data for internal notifications and customer support workflows

  • Pipedrive: CRM used for customer onboarding or support

  • Framer: Website hosting




