Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms & Conditions between Revenuru Ltd ("Processor") and the Customer ("Controller") for B2B services.

1. Definitions

  • Controller: The Customer using Aizee AI services
  • Processor: Revenuru Ltd (trading as Aizee AI)
  • Data Subject: End users of Customer's agents
  • Personal Data: Any data relating to identified individuals

2. Processing Details

Subject Matter: Provision of AI agent services

Duration: Term of the main agreement

Nature: Automated processing for AI conversation services

Purpose: To provide AI agent functionality as per service agreement

3. Categories of Data

  • Conversation logs and transcripts
  • Voice recordings (if voice features enabled)
  • User interaction metadata
  • Business information provided by Controller

4. Processor Obligations

The Processor shall:

  • Process data only on documented instructions from Controller
  • Ensure persons processing data are under confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Not engage sub-processors without Controller's prior authorization
  • Assist Controller with data subject requests
  • Delete or return all data upon termination
  • Make available information necessary to demonstrate compliance

5. Security Measures

Technical and organizational measures include:

  • Encryption of data at rest and in transit
  • Access controls and authentication systems
  • Regular security testing and assessment
  • Incident detection and response procedures
  • Business continuity and disaster recovery
  • Physical security of data centers (Frankfurt, Germany)

6. Sub-processors

Current sub-processors include:

  • Database infrastructure provider (EU region)
  • AI processing services (appropriate safeguards in place)
  • Payment processing (PCI DSS compliant)

Controller will be notified of sub-processor changes with 30 days notice and right to object.

7. International Transfers

Primary data storage: Frankfurt, Germany (EU)
Any transfers outside EU include appropriate safeguards (SCCs or adequacy decisions).

8. Data Breach Notification

Processor will notify Controller without undue delay (maximum 72 hours) after becoming aware of a personal data breach, including:

  • Nature of the breach
  • Categories and numbers of data subjects affected
  • Likely consequences
  • Measures taken or proposed

9. Audit Rights

Controller may conduct audits with 30 days written notice, no more than once annually, unless required by supervisory authority. Costs borne by requesting party.

10. Liability and Indemnification

Liability provisions as per main Terms & Conditions apply. Each party indemnifies the other for damages arising from their respective GDPR violations.

11. Term and Termination

This DPA remains in effect for duration of main agreement. Upon termination, all personal data will be deleted or returned within 90 days.

12. Governing Law

This DPA is governed by the laws of England and Wales, subject to mandatory GDPR provisions.

Execution

This DPA is deemed executed when Customer accepts the Terms & Conditions or continues using the services after DPA publication.

Last updated: 10 September 2025

For questions: privacy@aizee.ai