• Marketing Solutions
    Products
    • Profiles

      Build your brand and capture demand.

    • Buyer Intent

      Find customers primed to purchase.

    • Reviews

      Get feedback and inspire buyer confidence.

    • Content Marketing Subscription

      Drive demand with licensed G2 Reports.

    • Market Intelligence

      Make data-driven decisions with insider intel.

    Solutions
    • G2 for Marketing
    • G2 for Sales
    • G2 for Services
    Get Started with G2
    • Create a Profile

      List your product or service on G2 and get your name in front of millions.

    • Claim Your Profile

      Take control of your company’s profile to start building brand and demand.

  • Integrations
    By Objectives
    • Optimize ABM

      Define audiences and target key accounts.

    • Harness Sales Intelligence

      Find decision makers who are ready to buy.

    • Identify Market Demand

      Find customers looking at you and your competitors.

    • Engage Customers

      Connect with customers when they interact with your product.

    • Build Pipeline

      Make it easier for prospects to find you outside G2.

    • See all integrations
    By Integration Type
    • Buyer Intent
    • Review Collection
    • Syndication
    • Content
    Partner with G2

    Join the thousands of vendors who work with G2 and enhance your strategies in a snap. Learn more

  • Customer Stories
  • Customer Stories
    Reducing cost per lead
    • ZoomInfo

      Increases conversion and lowers CPL by 27%.

    • Metadata.io

      Activates G2 Buyer Intent and lowers CPL by 42%.

    • Impact.com

      Cuts CPL in half while improving conversion rate.

    Boosting Pipeline Generation
    • Salesloft

      Power of customer voice to drive 1M in pipeline.

    • Demandbase

      Qualifies $3.5 million in pipeline in a single quarter.

    • BetterCloud

      Sees an 81% increase in deal size.

    Building brand and trust
    • Reputation

      Sees 174% increase in ARR.

    • Relayto

      Establishes market leader position in their category.

    • Siemens

      Gained a competitive and presence advantage.

    G2 customer stories

    G2 customers are delivering impact and leveling up their credibility. Get inspired by their stories.

    Explore all customer stories What customers are saying about G2

    769 reviews

  • Resources
    Learn G2
    • Resource Hub

      Our collection of content so you can thrive on G2.

    • G2 University

      On-demand certs for marketing and sales.

    • Webinars

      Learn from the experts. Sell more, grow more.

    • Learn Hub

      Keep a finger on the tech pulse.

    Research
    • Research Hub

      Content you need to make better technology decisions.

    • Our Analysts

      Over 30 analysts across industries and sectors.

    • Research Insights

      From cloud, ERP, HR, AI, and more.

    • Our Reports

      Info to solve your real-world business problems.

    • Research Methodology

      A robust method to bring transparency to B2B buying.

    • Documentation

      Browse G2 product documentation, tutorials, and latest releases.

    Download latest reports
    • 2024 Software Buyer Behavior Report

      Navigate a new software buying reality.

    • G2 Grid & Index Reports

      Discover high performing and top software across G2 cateogries.

    • 2024 Trends

      G2 analysts lay out the industry trends you need to know to ride change to growth.

    • See all reports
  • Pricing
  • Company
    Join Us
    • Careers

      Find your next career peak with us.

    • Our Commitments

      We’re creating a place where every you can be you.

    • Life @ G2

      Read how our values come together at work.

    • Locations

      Work in personalized and flexible ways.

    • Teams

      Join a team where growth happens together.

    • G2 Story
    • G2 News
    • G2 Culture
    • G2 Gives
    • G2 Philanthropy
    Connect with us
    • Contact Sales

      Have your sales questions answered.

    • Troubleshoot Your G2 Profile

      Commonly asked questions and answers get you on your way fast.

    • Create a Profile

      Set up your profile and put yourself in front of millions.

    • More ways to connect
  • Get Started
    • Create a Profile

      Set up your profile and put yourself in front of millions.

    • Success with G2

      Take your brand up-and-to-the-right in record time.

    • Claim Your Profile

      Generate brand awareness and capture demand.

  • Request a demo
Request a demo
Contact us
  • English
  • Deutsch
  • Español - España
  • Français
  • Português - Portugal

Data Processing Addendum

This Data Processing Addendum (“DPA”) is between  G2.com, Inc. (“G2”) and the entity identified in the Service Order (“Customer”) and is incorporated into the Master Service Agreement (“Agreement”), or a similar agreement regarding the Services, between the  parties. Capitalized terms not defined herein have the meanings assigned in the Agreement. 

This DPA applies only when Personal Data is transferred by Customer (Controller) to G2 (Processor) for the following purposes:      

Purpose

Data Subject

Personal Data Transferred from Customer to G2

Review Campaign 

Customer’s clients

First Name + Email

Invitation to my.G2

Customer’s employees

First Name + Last Name + Email

1. Scope.

This DPA sets forth how G2 will Process Personal Data (or a similar term as defined by applicable Privacy Laws) provided by Customer under  the Agreement. The parties agree to comply with applicable data protection laws (“Privacy Laws”). Details of the Processing are in Appendix A. “Process” (and its cognates) is defined according to applicable Privacy Laws. 

2. Obligations of Customer.

Customer is solely responsible for (a) providing notice or obtaining consent from a person to whom Personal Data relates (“Data Subject”) as required by Privacy Laws; (b) supplying only the minimum necessary Personal Data for G2 to fulfill its obligations; (c) ensuring the accuracy and completeness of Personal Data and making updates, including handling Personal Data deletion requests; (d) any unauthorized Processing  outside the  control of G2 or a Subprocessor; (e) ensuring Personal Data does not contain Special Categories or Sensitive Personal Data (as defined by Privacy Laws); (f) managing third-party controller communications; and (g) reviewing G2’s data security information to meet  legal obligations. Customer must  not request G2 to Process  in violation of Privacy Laws. If G2 believes an instruction violates Privacy Laws, G2 may refuse to Process without any penalties. For any  legal requirements not covered by this DPA, Customer must notify G2 at legal@g2.com. G2 is not responsible for initiating this process and may refuse, without incurring any penalties, to Process Personal Data if the requirements exceed this DPA. 

3. Use Of Personal Data.

Customer instructs G2 to Process Personal Data (a) to perform its obligations under the Agreement and in accordance with  Appendix A, (b) as required by law and in compliance with Privacy Laws, or (c) for any other purposes permitted by Customer in writing. G2 will not “share” or “sell” Personal Data (as defined by CCPA). 

4. Privacy and Security.

G2 will implement reasonable security measures to protect Personal Data , as outlined in Appendix B. Third-party certifications and audits are available upon Customer’s written request to security@g2.com (“Safeguards”). G2 can update Safeguards without prior notice to or approval from Customer, but will not  materially reduce the current standards.

5. Subprocessors.

Customer authorizes G2 to engage third parties or subcontractors to Process Personal Data its behalf (“Subprocessors”). G2 will ensure Subprocessors agree to similar data protection obligations as outlined in this DPA. Except as stated in the Agreement or this DPA, G2’s liability for Subprocessors is limited to the extent as if G2 were performing the services directly, and will not exceed the amount actually recovered by G2 from that Subprocessor. Customer provides G2 with a general authorization to engage Subprocessors. 

G2 maintains a list of its Subprocessors at https://legal.g2.com/subprocessors, where Customer is required to  subscribe to notifications of new Subprocessors(“Subprocessor Notification”). . If Customer objects to a new Subprocessor, Customer must notify G2 in writing at privacy@G2.com within 10 business days of G2 sending a Subprocessor Notification. If an objection is made in time,  G2 will make  reasonable efforts to avoid using  the contested Subprocessor, but if no solution is found within within 30 business days, Customer may terminate the Agreement and DPA in accordance with the termination provisions of the Agreement.

6. Cooperation and Audits.

G2 will provide reasonable assistance to help Customer comply with Privacy Laws regarding (a) this DPA; (b) privacy impact assessments or  (c) subject to the terms in this Section 6, audits of G2 as required under Privacy Laws (collectively, “G2 Audit Obligations”); Customer may audit G2 once in any  12-month rolling period, unless otherwise required by Privacy Laws. 

Regarding G2 Audit Obligations, subject to the confidentiality obligations set forth in the Agreement and upon Customer’s  written request, G2 will provide to Customer or, if required by Privacy Laws, Customer’s competent regulatory authority, (a) a summary of recent third-party audits or certifications, (b) similar reports from  Subprocessors to G2, or (c) other information required by Privacy Laws.

In Privacy Laws mandate an onsite audit (“On-Site Audits”), Customer and G2 will agree on scope, timing and duration at least 30 days in advance of any such audit. On-Site Audits will be limited to G2 facilities only, Customer will cover all costs, participants must comply with confidentiality and other requirements, solely to be determined by G2, and must occur during G2’s normal business hours. Unless otherwise required by Privacy Laws, Customer must submit Customer’s request for an On-Site Audit to G2 at privacy@g2.com with at least 30 days written notice.  G2 is not required to violate Privacy Laws or other legal or contractual obligations it has to its customers or its users. Customer must inform G2 of any compliance issues found during the On-Site Audit within 10 business days. G2 may adapt the scope of an On-Site Audit to avoid risks with respect to its legal and contractual obligations to other G2 customers and users. 

Audits under the EU and UK Standard Contractual Clauses (“SCCs”) will follow this Section 6.

7. Cross Border Data Transfers.

G2 Processes Personal Data in the United States. Transfers of Personal Data from the EU or UK to a jurisdiction which is not recognized by the EU or UK as having adequate data protection, or where data transfers contemplated by this DPA are not otherwise restricted under Privacy Laws, the EU SCCs andUK International Data Transfer Agreement (“UK Agreement”) apply, as incorporated by Appendix C. By signing  the Service Order, both parties accept the EU SCCs and UK Agreement.

For transfers of Personal Data from the EU (“EU Personal Data”) to the U.S., G2 participates in the EU-U.S. Data Privacy Framework Program  (“DPF”) and agrees to comply with the DPF to the extent Customer also participates in the DPF.

8. Personal Data Breach.

If G2 is negligent and materially compromises or causes accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer’s Personal Data or other event impacting Customer’s Personal Data that triggers an obligation for G2 to notify Customer under Privacy Laws related to security breach notification (collectively, a “Personal Data Breach”), G2 will notify Customer without delay of G2’s confirmation of such Personal Data Breach at the Security Email set forth in the Service Order. G2 will share the following information as it becomes available to G2: (a) a brief description of the Personal Data Breach, including its date, (b) details of the impacted Personal Data, (c) actions G2 is taking to investigate and mitigate, (d) contact information for further inquiries, and (e) any other information required under Privacy Laws. 

If Privacy Laws require notifying third parties, G2 will reimburse the Customer for reasonable costs directly related to the notification and any required credit monitoring (“Notification Costs”), excluding legal fees or related costs incurred by Customer.

G2 will cooperate with Customer’s reasonable investigation, as required by Privacy Laws. If Privacy Laws require notifying third parties, G2 will reimburse Customer for reasonable costs directly incurred by Customer for this legally required notification and any legally required credit monitoring (“Notification Costs”). Notification Costs shall not include any legal fees or related costs incurred by Customer.

9. Information Management.

After completing the  Services, G2 will return or delete all copies of Personal Data, unless retention is required by law or otherwise infeasible, in which case G2 will retain the Personal Data only as necessary and may process it solely for the purpose of preventing return or deletion.

10. Indemnification.

Subject to Section 12 of the Agreement, Customer agrees that Customer will reimburse, indemnify and hold G2 harmless for all costs incurred in responding to or mitigating any losses suffered by G2, including, but not limited to, any losses relating to a third-party claim brought against G2 regarding the Processing of Personal Data where such Processing is consistent with Customer’s Processing instructions, the Agreement and/or this DPA. 

11. Limitation of Liability.

Except as otherwise explicitly stated in this DPA, G2’s sole liability and Customer’s sole remedy for G2’s breach of this DPA will not exceed the fees paid by Customer to G2 under the Service Order giving rise to the claim in the 12 months preceding the claim. In no circumstances will G2 be liable for any special, indirect, incidental, consequential, or punitive damages, including lost profits incurred by Customer. 

12. Interpretation and Updates.

G2 will update this DPA periodically, without notice to Customer, in material compliance with Privacy Laws and without materially lessening the protections set forth herein. The following order of precedence applies in the event of a conflict with respect to the Processing of Personal Data: (a) the International Data Transfer Agreement, (b) this DPA, (c) the Agreement, and (d) the Privacy Laws.

13. Term.

This DPA begins on the Effective Date and remains in force until the Agreement terminates, or until G2 stops Processing Personal Data on behalf of Customer.

 

APPENDIX A

Description of Processing 

Parties

Exporter & Controller: Customer

Customer information is as set forth in the Service Order.

Importer & Processor: G2.com, Inc.

100 South Wacker Drive, Suite 600, Chicago, IL 60606

Categories of Data Subjects Whose Personal Data is Transferred & Categories of Personal Data Transferred

Review Campaign (if applicable)

  • Data Subject: Customer’s customers
  • Personal Data: First name and email

Sensitive Data Transferred

Customer will not transfer Sensitive Data to G2.

Frequency of the Transfer

Continuous.

Nature of the Processing

To provide the Services.

Purpose of Processing, Data Transfer and Further Processing

To provide the Services.

Duration of Processing

As set forth in Section 13.

Subprocessor Transfers

As set forth in Section 5.

APPENDIX B

Technical and Organizational Measures

G2 has implemented the following technical and organizational measures for the protection of the security, confidentiality and integrity of Personal Data:

Access Control: Preventing Unauthorized Product Access

  • Outsourced processing: G2 hosts its Services with outsourced cloud infrastructure providers. G2 maintains contractual relationships with vendors in order to provide the Services in accordance with its  DPA. G2 relies on contractual agreements, privacy policies, and vendor compliance programs in order to protect data processed or stored by these vendors.
  • Physical and environmental security: G2 hosts its product infrastructure with multi-tenant, outsourced infrastructure providers. The physical and environmental security controls are audited for SOC 2 Type I and ISO 27001, 27017, 17018 compliance, among other certifications.
  • Authentication: G2 implemented a uniform password policy for its Customer’s products. Customers who interact with the products via the user interface must authenticate before accessing non-public Customer data.
  • Authorization: Customer data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of G2’s products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set.
  • Application Programming Interface (API) access: Public product APIs may be accessed using an API.

Access Control: Preventing Unauthorized Product Use

  • G2 implements industry standard access controls and detection capabilities for the internal networks that support its products.
  • Access controls: Network access control mechanisms are designed to prevent network traffic using unauthorized protocols from reaching the product infrastructure. The technical measures implemented differ between infrastructure providers and include Virtual Private Cloud (VPC) implementations, security group assignment, and traditional firewall rules.
  • Intrusion detection and prevention: G2 implemented a Web Application Firewall (WAF) solution to protect hosted Customer websites and other internet-accessible applications. The WAF is designed to identify and prevent attacks against publicly available network services.
  • Static code analysis: Security reviews of code stored in G2’s source code repositories is performed. Checking for coding best practices and identifiable software flaws.
  • Penetration testing: G2 maintains relationships with industry recognized penetration testing service providers for one annual penetration tests. The intent of the penetration tests is to identify and resolve foreseeable attack vectors and potential abuse scenarios.

Access Control: Limitations of Privilege & Authorization Requirements

  • Product access: A subset of G2’s employees have access to the products and to Customer data via controlled interfaces. The intent of providing access to a subset of employees is to provide effective Customer support, to troubleshoot potential problems, to detect and respond to security incidents and implement data security. All such requests are logged. Employees are granted access by role, and reviews of high risk privilege grants are initiated regularly. Employee roles are reviewed at least once every 6 months.
  • Background checks: All G2 employees undergo a third-party background check prior to being extended an employment offer, in accordance with and as permitted by the applicable laws. All employees are required to conduct themselves in a manner consistent with company guidelines, non-disclosure requirements, and ethical standards.

Transmission Control

  • In-transit: G2 requires HTTPS encryption (also referred to as SSL or TLS) on every one of its login interfaces. G2’s HTTPS implementation uses industry standard algorithms and certificates.
  • At-rest: G2 stores user passwords following policies that follow industry standard practices for security. G2 has implemented technologies to ensure that stored data is encrypted at rest.

Input Control

  • Detection: G2 designed its infrastructure to log extensive information about the system behavior, traffic received, system authentication, and other application requests. Internal systems aggregated log data and alert appropriate employees of malicious, unintended, or anomalous activities. G2 personnel, including security, operations, and support personnel, are responsive to known incidents.
  • Response and tracking: G2 maintains a record of known security incidents that includes description, dates and times of relevant activities, and incident disposition. Suspected and confirmed security incidents are investigated by security, operations, or support personnel; and appropriate resolution steps are identified and documented. For any confirmed incidents, G2 will take appropriate steps to minimize product and Customer damage or unauthorized disclosure.
  • Communication: If G2 becomes aware of unlawful access to non-G2 Data stored within its Services, G2 will: 1) notify the affected Customers of the incident; 2) provide a description of the steps G2 is taking to resolve the incident; and 3) provide status updates to the Customer contact, as G2 deems necessary. Notification(s) of incidents, if any, will be delivered to one or more of the Customer’s contacts in a form G2 selects, which may include via email or telephone.

Availability Control

  • Infrastructure availability: The providers maintain a minimum of N+1 redundancy to power, network, and HVAC services.
  • Fault tolerance: Backup and replication strategies are designed to ensure redundancy and fail-over protections during a significant processing failure. Customer data is backed up to multiple durable data stores.
  • Online replicas and backups: Where feasible, production databases are designed to replicate data between no less than 1 primary and 1 secondary database. All databases are backed up and maintained using at least industry standard methods.
  • G2’s products are designed to ensure redundancy and seamless failover. The server instances that support the products are also architected with a goal to prevent single points of failure. This design assists G2 operations in maintaining and updating the product applications and backend while limiting downtime.

APPENDIX C

EU & UK GDPR

Section 1 - EU:For data transfers from the EU, the EU SCCs are incorporated into this DPA as follows:

EU SCC Term

Amendment/Selected Option

Module

Module 2 (Controller to Processor).

Clause 7 (Docking Clause)

Option is not included.

Clause 9 (Use of Sub-Processors)

Option 2 shall apply. As set forth in Appendix .

Clause 11 (Redress)

Option is not included.

Clause 13 (Supervision)

Options are included, as applicable.

Clause 17 (Governing Law)

Ireland.

Clause 18 (Choice of Forum and Jurisdiction)

Ireland.

Annex I.A (List of Parties)

As set forth in Appendix A.

Annex I.B (Description of the Transfer)

As set forth in Appendix A.

Annex I.C (Competent Supervisory Authority)

As set forth in Appendix A.

Annex II (Technical and Organisational Measures)

As set forth in Appendix B.

Section 2 - UK: For data transfers from the UK, the UK Addendum is incorporated into this DPA as follows:

UK Addendum Term

Amendment/Selected Option

Table 1: Start Date

As set forth in Section 13.

Table 1: Parties

As set forth in Appendix A.

Table 2: Addendum EU SCC

As set forth in Section 1 of this Appendix C.

Table 3: Appendix Information

As set forth in Section 1 of this Appendix C.

Table 4: Ending this Addendum

Importer.

Mandatory Clauses

The Mandatory Clauses are incorporated into this Appendix C. The ‘Alternative Part 2 Mandatory Clauses’ are not selected.  

For Buyers
  • Software Reviews
  • Products
  • Best Software Companies
  • Write a Review
For Sellers
  • Market Profiles
  • Review Generation
  • Buyer Intent Data
  • Content Creation
  • Competitive Insights
  • Add Your Product/Service
Company
  • About
  • Leadership
  • Careers
  • Gives
  • News
  • Brand Resources
  • Contact
Resources
  • Sell
  • Learn
  • Research
  • Partner
  • Documentation
  • Legal

  • Community Guidelines
  • G2 Scoring Methodologies
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
  • Cookie Preferences
  • Copyright Complaint Policy
  • Content Usage Guidelines
  • Your Privacy Choices
100 S. Wacker Dr.
Ste. 600
Chicago, IL 60606

© 2025, G2.com, Inc. All Rights Reserved.