Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the agreement between the customer ("Controller") and JasPing ("Processor") regarding the processing of personal data through the JasPing platform.

This agreement is intended to comply with the requirements of Article 28 of the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using the JasPing platform, the customer agrees to this Data Processing Agreement and authorizes JasPing to process personal data on its behalf solely for the purpose of providing the Service.

For the purposes of this agreement:

• The Customer acts as the Data Controller, determining the purposes and means of processing personal data.
• JasPing acts as the Data Processor, processing personal data only on behalf of the Customer.

End-users interacting with AI agents deployed by the Customer may submit personal data that will be processed by the JasPing platform under the Customer's instructions.

JasPing will process personal data only according to documented instructions from the Customer and solely for the purpose of providing the platform services.

Processing activities may include:

• Storage of customer-provided knowledge base content
• Processing conversation messages between AI agents and users
• Generating AI responses
• Providing analytics and reporting

JasPing will not use customer data for purposes unrelated to providing the Service.

JasPing ensures that all employees, contractors, and subprocessors who have access to personal data are subject to strict confidentiality obligations.

Access to personal data is limited to authorized personnel who require such access in order to provide and maintain the platform services.

The Customer authorizes JasPing to engage third-party subprocessors necessary to operate the platform.

Examples may include:

• Cloud hosting providers
• AI model infrastructure providers
• Database and storage providers
• Payment processing platforms

JasPing ensures that all subprocessors are contractually bound by data protection obligations consistent with this agreement.

JasPing implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

• Encryption of data in transit
• Secure cloud infrastructure
• Access control and authentication mechanisms
• Monitoring and logging systems
• Regular security reviews

In the event of a personal data breach affecting customer data, JasPing will notify the Customer without undue delay after becoming aware of the breach.

JasPing will provide reasonable assistance to help the Customer meet its obligations under applicable data protection laws.

JasPing will assist the Customer, where reasonably possible, in responding to requests from data subjects exercising their rights under applicable privacy laws.

These rights may include:

• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability

Personal data may be processed in countries outside the European Economic Area where cloud infrastructure or service providers operate.

When such transfers occur, JasPing ensures appropriate safeguards are implemented, such as contractual protections and compliance with applicable data transfer mechanisms.

Upon termination of the service agreement, the Customer may request deletion or return of personal data stored within the JasPing platform.

Unless legally required to retain data, JasPing will securely delete customer data within a reasonable timeframe following termination of the service.

The Customer may request reasonable information regarding JasPing's data protection practices to verify compliance with this agreement.

Any audits must be conducted with reasonable notice and without disrupting normal operations of the platform.

Each party remains responsible for complying with its obligations under applicable data protection laws.

This agreement shall be governed by the same governing law specified in the JasPing Terms of Service.