Email Agent Data Processing Agreement (DPA)
Effective Date: September 18, 2025
This Data Processing Addendum, including its Annexes, ("DPA") is supplemental to and forms part of the Terms of Service and any applicable order forms or statements of work (collectively, the "Agreement"), entered into between Limitless Now Ltd ("Processor", "we", "us") and the customer entity that has accepted the Agreement ("Controller", "you").
This DPA applies where we process Personal Data on your behalf in the course of providing the Services.
Definitions
"Applicable Data Protection Laws" means all data protection and privacy laws applicable to the processing of Personal Data under the Agreement, including, where applicable, the UK GDPR and European Data Protection Laws.
"Controller" means the entity that determines the purposes and means of the processing of Personal Data. For the purposes of this DPA, the Customer is the Controller.
"Data Subject" means the identified or identifiable natural person to whom Personal Data relates.
"EEA" means the European Economic Area.
"EU GDPR" means the General Data Protection Regulation (Regulation (EU) 2016/679).
"European Data Protection Laws" means the EU GDPR and the data protection or privacy laws of any EU Member State.
"Personal Data" means any information relating to a Data Subject that is processed by the Processor on behalf of the Controller in connection with the Services.
"Processing", "processes", or "process" mean any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Processor" means the entity that processes Personal Data on behalf of the Controller. For the purposes of this DPA, Limitless Now Ltd is the Processor.
"Restricted Transfer" means a transfer of Personal Data from the UK to a country not covered by UK adequacy regulations, or from the EEA to a country not subject to an adequacy determination by the European Commission.
"Security Incident" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed by the Processor.
"Services" means the AI-powered productivity services provided by the Processor to the Controller under the Agreement.
"Sub-processor" means any third-party processor engaged by the Processor to process Personal Data in connection with the Services.
"UK GDPR" means the EU GDPR as it forms part of the law of England and Wales, Scotland, and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019.
Roles and Responsibilities
2.1. Parties' Roles. The parties acknowledge and agree that for the purposes of Applicable Data Protection Laws, the Customer is the Controller and Limitless Now Ltd is the Processor.
2.2. Processor's Obligations. The Processor shall:
a. Process Personal Data only on the documented instructions of the Controller, as set out in the Agreement and this DPA, unless required to do otherwise by applicable law.
b. Inform the Controller if, in its opinion, an instruction infringes Applicable Data Protection Laws.
c. Not retain, use, or disclose the Personal Data for any purpose other than for the specific purpose of performing the Services, including not selling or sharing the Personal Data.
2.3. Controller's Obligations. The Controller represents and warrants that:
a. It has complied with all applicable laws, including Applicable Data Protection Laws, in collecting and providing the Personal Data to the Processor.
b. It has a valid legal basis for the processing of Personal Data as contemplated by the Agreement.
c. Its instructions to the Processor for the processing of Personal Data shall comply with all applicable laws.
Security Measures
3.1. Technical and Organisational Measures. The Processor shall implement and maintain appropriate technical and organizational measures to protect the Personal Data against Security Incidents. These measures are detailed in Annex 2 ("Technical and Organisational Measures").
3.2. Confidentiality. The Processor shall ensure that any person authorized to process the Personal Data is subject to a strict duty of confidentiality (whether a contractual or statutory duty).
3.3. Security Incidents. Upon becoming aware of a Security Incident, the Processor shall notify the Controller without undue delay. The Processor shall provide the Controller with timely information and cooperation as the Controller may reasonably require to fulfill its own data breach notification obligations under Applicable Data Protection Laws.
Sub-processing
4.1. General Authorization. The Controller provides a general written authorization for the Processor to engage Sub-processors to perform the Services. The Processor shall maintain an up-to-date list of its Sub-processors, which is provided in Annex 3.
4.2. New Sub-processors. The Processor will provide the Controller with at least 30 days' prior written notice of the appointment of any new Sub-processor. The Controller may object to the appointment in writing within this period on reasonable grounds relating to data protection. If the parties cannot reach a resolution, the Controller may terminate the portion of the Service provided by that Sub-processor.
4.3. Sub-processor Obligations. The Processor shall enter into a written agreement with each Sub-processor imposing data protection obligations that are at least as protective as those set out in this DPA. The Processor shall remain fully liable to the Controller for the performance of the Sub-processor's obligations.
International Transfers
5.1. Data Transfers. The Processor may transfer Personal Data to countries outside the UK and the EEA, subject to the implementation of appropriate safeguards.
5.2. Safeguards. For any Restricted Transfer, the Processor shall ensure that the transfer is governed by a valid legal mechanism, as detailed in Annex 3. This may include:
a. Reliance on the UK-US Data Bridge for transfers to certified US entities.
b. Execution of the UK's International Data Transfer Agreement (IDTA) or the UK Addendum to the EU's Standard Contractual Clauses (SCCs).
c. Conducting a Transfer Risk Assessment (TRA) where required.
Data Subject Rights and Audits
6.1. Assistance. Taking into account the nature of the processing, the Processor shall assist the Controller by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests from Data Subjects exercising their rights under Applicable Data Protection Laws.
6.2. Audits. The Controller may audit the Processor's compliance with this DPA once per year. The audit must be:
a. Notified to the Processor with at least 30 days' written notice.
b. Conducted by an independent, third-party auditor approved by both parties, at the Controller's expense.
c. In lieu of a direct audit, the Processor may provide copies of relevant third-party audit reports (e.g., SOC 2 report) if available.
Data Deletion
Upon termination of the Agreement, the Processor shall, at the choice of the Controller, delete or return all Personal Data to the Controller. The Processor shall delete existing copies unless applicable law requires storage of the Personal Data. The deletion process is further detailed in Annex 2.
General Provisions
8.1. Precedence. In the event of a conflict between this DPA and the Agreement, this DPA shall prevail in matters of data protection.
8.2. Governing Law. This DPA and any disputes arising from it shall be governed by the laws of England and Wales, subject to any mandatory local rights for EU customers as outlined in the Agreement.
ANNEX 1: DESCRIPTION OF THE PROCESSING
Parties
Controller: The Customer of the Services
Processor: Limitless Now Ltd
Subject Matter
The provision of AI-powered email, social media, and workflow automation services.
Duration
For the term of the Agreement, until processing is ceased upon termination.
Nature and Purpose of Processing
To analyze and categorize conversation threads, generate draft replies, automate workflows (including accounting integration), and otherwise provide, maintain, and improve the Services as initiated by the Controller's users.
Categories of Data Subjects
Employees, agents, customers, clients, business partners, and other third parties with whom the Controller communicates.
Categories of Personal Data
User account data, contact details, communication content (including email body and attachments), and technical metadata.
Special Categories of Data
The Services are not intended for the processing of Special Categories of Data. Any such processing is incidental and is the sole responsibility of the Controller.
ANNEX 2: TECHNICAL AND ORGANISATIONAL MEASURES (TOMS)
Limitless Now Ltd implements the following measures to ensure the security of the processing:
Encryption: Personal Data is encrypted at rest and in transit using industry-standard cryptographic protocols (e.g., TLS).
Access Control: Access to Personal Data is governed by the principle of least privilege, using Role-Based Access Controls (RBAC) and Multi-Factor Authentication (MFA).
Resilience: Systems are designed for high availability, hosted on resilient cloud infrastructure (Google Cloud Platform), with distributed services to mitigate the impact of technical incidents.
Incident Management: A formal incident response plan is in place to promptly detect, investigate, and notify the Controller of any Security Incident.
Data Deletion: Upon request, data enters a 30-day "pending deletion" period before being permanently purged from active systems. Backups are securely destroyed on a rotational basis.
Confidentiality: All personnel are subject to binding confidentiality obligations.
Testing and Evaluation: The effectiveness of security measures is regularly tested and evaluated.
ANNEX 3: SUB-PROCESSORS AND INTERNATIONAL TRANSFERS
A. Approved Sub-processors
Sub-processor | Service Provided | Location of Processing | Safeguard for Restricted Transfers
Google Cloud EMEA Ltd | Cloud Hosting & Infrastructure | Ireland (EEA) | N/A (within UK/EEA adequacy zone)
Supabase, Inc. | Authentication & Database | Ireland (EEA) | UK IDTA and TRA (to cover potential access by the US parent company)
Google, LLC | AI Models (Gemini) | London, United Kingdom | N/A (Processing within UK)
B. Personnel Access
Access to Personal Data by the Processor's personnel located outside the UK/EEA (e.g., Dominican Republic) is governed by an executed UK International Data Transfer Agreement (IDTA) between the relevant Limitless Now Ltd entities.