Mainstay Systems is a service operated by Applied Ego Software LLC (“Applied Ego Software LLC,” “we,” “us,” or “our”), a Missouri limited liability company. This Addendum forms part of the Terms & Conditions and governs our processing of personal information on behalf of our business customers under U.S. state privacy laws.
“Applicable Privacy Laws” means U.S. state privacy statutes that apply to the processing, such as the CCPA/CPRA, VCDPA, CPA, CTDPA, and similar laws. “Personal Information,” “Controller,” “Processor” (or service provider), and “Process” have the meanings given in those laws. “Services” means the Mainstay Systems offering.
For personal information about a customer's own customers, the customer is the controller and Applied Ego Software LLC acts as a service provider / processor. We process that information only to provide the Services and on the customer's documented instructions, which include these Terms and the use of the product.
We will not:
We certify that we understand and will comply with these restrictions.
Personnel authorized to process personal information are bound by appropriate confidentiality obligations and receive role-appropriate guidance on handling it.
We engage the subprocessors below to deliver the Services. Each is bound by data-protection terms no less protective than this Addendum. We will give notice of material changes so the customer can object.
| Subprocessor | Purpose | Location |
|---|---|---|
| Twilio Inc. | SMS/MMS and voice messaging, phone-number provisioning, and A2P 10DLC carrier registration | United States |
| Vercel Inc. | Website and application hosting, content delivery, and infrastructure | United States |
| Neon, Inc. | Managed PostgreSQL database hosting (customer and account records) | United States |
| Google LLC | Google Business Profile management and review handling on the customer's behalf | United States |
| Stripe, Inc. | Subscription billing and payment processing | United States |
We maintain appropriate technical and organizational measures appropriate to the risk, including access controls, encryption of data in transit, network protections, logging, and incident response. We will notify the customer without undue delay after becoming aware of a personal-data breach affecting their data.
We provide reasonable assistance to help the customer respond to consumer rights requests (access, deletion, correction, portability, and opt-out). If a consumer contacts us directly, we will direct them to the customer unless we are legally required to respond.
We retain personal information only as long as needed to provide the Services or as required by law. On termination or written request, we will delete or return the customer's personal information, subject to legal retention obligations and standard backup cycles.
Personal information is processed in the United States. Where data crosses borders, we apply safeguards required by Applicable Privacy Laws.
Each party's liability under this Addendum is subject to the limitations in the Terms & Conditions, except where Applicable Privacy Laws prohibit such limitation.
To request a signed copy of this Addendum or to ask about it: