GDPR Data Processing and Security Terms

Effective date: October 25th, 2022.

By use of High Pulse Media Inc. services, DBA Nautilus (Also We, Us and Company) you instruct Nautilus to process any personal data you provide to Nautilus in alignment with Nautilus Service Agreement and Privacy Policy and agree to the processing of any personal data that Nautilus provides to you in connection with the services. Customer also specifically authorizes the engagement of Nautilus Affiliates as Sub-processors. In addition, Customer generally authorizes the engagement of any other third parties as Sub-processors.


Controller (data exporter): Customer, being a Nautilus Customer or Affiliate per Nautilus Privacy Policy.

Processor (data importer): High Pulse Media Inc. DBA Nautilus, 30 Brackenwood Ave., Richmond Hill, ON, L4S 2P5, Canada

Supervisory Authority: The competent supervisory authority shall be the supervisory authority within the Member Province / State in which the data exporter and data importer are established in regard to a specific data transfer.

Customer Obligations

By use of Nautilus services you agree to comply with data protection, security and other obligations with respect to any and all personal data by adhering to the Nautilus Service Agreement and Anti-Spam policies, and Privacy Policy along with all local data protection laws to which you are subject. Nautilus will inform you if, in Nautilus opinion, you have violated any data processing obligation.

Details of Data Processing

Subject Matter: All Nautilus services, Customer provided data, and related technical support to Customer, including all publicly available information that is transmitted or retrieved from sub-processors of Nautilus.

Duration of the Processing: As identified in the Nautilus Service Agreement.

Nature and Purpose of the Processing: Nautilus provides an email service, automation and marketing platform and other related services as identified in our Privacy Policy.

Categories of Data: As outlined in our Privacy Policy (“I Am A Nautilus Affiliate.”, “I Am A Subscriber To An Email List Managed Through Nautilus.”, “I Am A Nautilus Customer.”)

Data Subjects: Personal data submitted, stored, sent or received via Nautilus services that may concern the Customer or Subscribers of the Customer.

Data Security

Nautilus takes all reasonable technical and organizational measures to commit to confidentiality of your data. The following information highlights our efforts to secure your trust in us with your data.

  • Use of encryption while data is being transmitted to or procured from our systems and while stored in our data centres

  • Continual automated and manual monitoring of the confidentiality, integrity, availability, and resilience of our systems

  • Emergency Preparedness to restore availability of our services in the event of a physical or technical incident

  • Routine backups in the event of data loss or corruption

  • Regular risk assessments of all systems both internally and externally

  • DDoS detection and mitigation in place for all data centres

  • Promoting Responsible Disclosure

Account Security

  • Continuous automated and manual monitoring for fraud and abuse on all Nautilus accounts

  • Secure notifications to customers for sensitive account actions like password resets

  • Tiered account access is available to limit billing and other sensitive information disclosure

Personnel Security

  • Taking commercially reasonable steps to ensure employees and those acting on Nautilus behalf maintain confidentiality of personal data including continual security awareness training and annual attestation

  • All Nautilus employees are background checked prior to employment

  • Privacy confirmations of all sub-processors engaged in providing Nautilus services to maintain and provide at least the same level of protection for the personal data and the same rights of data subject as Nautilus.

  • Secured physical access to all data centres including keycards, alarms, and video camera recording 

Customer Response

  • Providing written responses to all reasonable requests for information made by customers and their subscribers

  • In the event of a personal data breach, reasonably assisting customers with data security audits, including inspections, conducted by the customer, auditors, law enforcement, or other supervisory authorities

  • Providing notice to customers regarding personal data breaches without undue delay

  • Reasonably assisting customers with their obligations to Supervisory Authority Data Protection Impact Assessments and Prior Consultation taking into account the nature of processing and data involved

Security Certifications

  • Maintaining Privacy-Shield certification by completing an annual third-party review

  • Maintaining Payment Card Industry (PCI) Security certification by completing an annual compliance review

Data Rights

  • Right to be informed: You or your subscribers can ask about personal data, how it is used, and why it is being used at any time.

    Right of access: As outlined in our Privacy Policy (Access to Personal Information).

    Right of rectification: You or your subscribers can update (or request updates to) personal information at any time.

    Right of erasure: You may cancel your Nautilus account at any time and may additionally request that Nautilus erase your personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. Your subscribers may also request that you or Nautilus do the same for their personal data. Nautilus reserves the right to keep the minimum amount of information that helps us prevent fraud to keep your deliverability the highest it can be.

    Right to restrict processing: You may put your account on hold at any time which restricts the sending of email. Your data will still be processed for other actions such as billing and by our sub-processors. You may backup and deactivate a list to verify subscriber data and reactivate within 30 days. You may cancel your account to restrict all data processing of your data and your subscribers and reactivate your account as long as we have not yet deleted your information according to our retention policies.

    Right to data portability: You may export any of your lists, or selected information within any list, at any time while your account is active by accessing your Nautilus account.

    Right to object: You may unsubscribe from any of Nautilus emails at any time. Your subscribers may unsubscribe from your emails at any time.

    Nautilus does not discriminate against a customer, price services differently, or reduce quality of service based on exercising of the above data rights.


You may opt-in to be informed of sub-processor additions excluding those on our list of sub-processors below by contacting us. If you object to any sub-processor addition, you may cancel your account within 5 days of the notification provided that such objection is based on reasonable grounds relating to data protection. You may independently contact any of these sub-processors directly to have your information erased that they store about you. This may include information you provided to AWeber or information AWeber procured from the sub-processor.

Sub ProcessorNature, Purpose, Duration of ProcessingData SecurityPurpose
AirtableAirtable PrivacyAirtable SecurityBusiness Analytics
AmazonAWS PrivacyAWS SecurityCloud Infrastructure Hosting
AppcuesAppcues Data Processing AddendumAppcues SecurityCustomer Walkthroughs and Surveys
ClearbitClearbit PrivacyClearbit SecurityCustomer Intelligence
First DataFirst Data Privacy and SecurityCustomer Billing
Chase PaymentechMerchant Services PrivacyChase SecurityCustomer Billing
FullstoryFullstory PrivacyFullstory SecurityCustomer Support
GoogleGoogle PrivacyGoogle SecurityBusiness Analytics
KissmetricsKissmetrics PrivacyKissmetrics SecurityBusiness Analytics
LiveChatIncLiveChat PrivacyLiveChat SecurityCustomer Support
LobLob PrivacyLob SecurityAddress Validation
PayPalPayPal Data Protection AgreementPayPal Safety and SecurityBilling and Payments
PodsightsPodsights Security and PrivacyBusiness Analytics
Sift ScienceSift Privacy and SecuritySecurity
Alchemer (Survey Gizmo)Alchemer Privacy and Data SecurityCustomer Surveys
TwilioTwilio PrivacyTwilio SecurityCustomer Support
TypeformTypeform Privacy and SecurityCustomer Support and Surveys
VWOVWO PrivacyVWO SecurityA/B Testing
ZendeskZendesk PrivacyZendesk SecurityCustomer Support

Ready To Get Started?

Let's get to work...