Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms & Conditions between Revenuru Ltd ("Processor") and the Customer ("Controller") for B2B services.

1. Definitions

  • Controller: The customer using Aizee AI services.
  • Processor: Revenuru Ltd (trading as Aizee AI).
  • Data Subject: End users of the Controller's agents.
  • Personal Data: Any data relating to identified or identifiable individuals.

2. Processing Details

Subject Matter: Provision of AI agent services.

Duration: Term of the main agreement between the parties.

Nature: Automated processing for AI conversation and voice services.

Purpose: To provide AI agent functionality as described in the main agreement.

3. Categories of Data

  • Conversation logs and transcripts.
  • Voice recordings (if voice features are enabled).
  • User interaction metadata.
  • Business information provided by the Controller.

4. Processor Obligations

The Processor shall:

  • Process personal data only on documented instructions from the Controller.
  • Ensure persons processing data are under appropriate confidentiality obligations.
  • Implement appropriate technical and organizational security measures.
  • Not engage sub-processors without appropriate safeguards and transparency.
  • Assist the Controller with data subject requests where feasible.
  • Delete or return all personal data upon termination of services, unless retention is required by law.
  • Make available information necessary to demonstrate compliance with applicable data protection laws.

5. Security Measures

Technical and organizational measures include:

  • Encryption of data at rest and in transit where appropriate.
  • Access controls and authentication systems.
  • Regular security testing and assessment.
  • Incident detection and response procedures.
  • Business continuity and disaster recovery planning.
  • Physical security of data centers (Frankfurt, Germany).

6. Sub-processors

Current categories of sub-processors include:

  • Database and infrastructure providers (EU region where possible).
  • AI processing providers (with appropriate safeguards).
  • Payment processing providers (PCI DSS compliant).

The Controller will be notified of material changes to sub-processor use with reasonable advance notice and a right to object where required by law or contract.

7. International Transfers

Primary data storage is in Frankfurt, Germany (EU). Any transfers of personal data outside the EU or UK will include appropriate safeguards (such as Standard Contractual Clauses or adequacy decisions) as required by applicable law.

8. Data Breach Notification

The Processor will notify the Controller without undue delay after becoming aware of a personal data breach affecting the Controller's data and will provide reasonable assistance in meeting any legal obligations related to such breach.

9. Audits

Upon reasonable request and subject to confidentiality, the Processor will provide information or summaries of third-party audits to demonstrate compliance with this DPA and applicable data protection laws.

10. Liability

Liability provisions in the main Terms & Conditions apply. Each party is responsible for its own compliance with applicable data protection laws and indemnifies the other for damages arising from its own violations, to the extent permitted by law.

Last updated: 1 December 2025