Data Processing Agreement (DPA)

Last Updated: October 30, 2024

Introduction

This Data Processing Agreement ("DPA") forms part of the [Master Agreement/Terms of Service] ("Principal Agreement") between Pairenthesis ("we," "us," or "our") and the Customer ("you" or "Customer") and governs the processing of Personal Data by us on your behalf in the course of providing the Service.

By using our Service, you agree to the terms of this DPA.

Definitions

  • Applicable Data Protection Laws: All data protection laws and regulations applicable to the processing of Personal Data under this DPA, including GDPR and CCPA.
  • Controller: The entity that determines the purposes and means of the processing of Personal Data.
  • Processor: The entity that processes Personal Data on behalf of the Controller.
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Data Subject: The individual to whom Personal Data relates.
  • Sub-Processor: Any Processor engaged by us to process Personal Data on behalf of the Customer.
  • Standard Contractual Clauses: The clauses adopted by the European Commission for the transfer of Personal Data to processors established in third countries.

Subject Matter and Duration

  • Subject Matter: The processing of Personal Data as necessary to provide the Service under the Principal Agreement.

  • Duration: This DPA remains in effect for as long as we process Personal Data on your behalf under the Principal Agreement.

Nature and Purpose of Processing

We process Personal Data to provide, maintain, and improve the Service, including AI processing activities, data analytics, customer support, and other related services as described in the Principal Agreement.

Types of Personal Data and Categories of Data Subjects

a. Types of Personal Data

  • Contact Information (e.g., names, email addresses)
  • Account Credentials
  • Usage Data
  • Customer Data uploaded to the Service
  • Any other Personal Data submitted by you or your users

b. Categories of Data Subjects

  • Your employees, contractors, and agents
  • End-users of your services who interact with the Service
  • Any other individuals whose Personal Data is provided by you

Customer Obligations

  • Compliance: You warrant that you comply with Applicable Data Protection Laws regarding the processing of Personal Data.

  • Instructions: You will provide documented instructions for the processing of Personal Data.

  • Legal Basis: You confirm that you have obtained all necessary consents and have a legal basis for processing and transferring Personal Data to us.

Our Obligations

  • Processing: We will process Personal Data only on your documented instructions.

  • Confidentiality: We will ensure that personnel authorized to process Personal Data are committed to confidentiality.

  • Security: We will implement appropriate technical and organizational measures to protect Personal Data.

Sub-Processors

  • Authorization: You authorize us to engage Sub-Processors listed in Annex 1.

  • Obligations: We will ensure Sub-Processors are bound by data protection obligations consistent with this DPA.

  • Changes: We will inform you of any intended changes to Sub-Processors and provide you with an opportunity to object.

International Data Transfers

  • Standard Contractual Clauses: Transfers of Personal Data outside the EEA will be conducted in accordance with Standard Contractual Clauses.

  • Adequacy: We will ensure that transfers are made to countries with adequate data protection laws or appropriate safeguards.

Security Measures

We will implement security measures as described in Annex 2, including:

  • Encryption: Data is encrypted using AES-256 encryption at rest and TLS 1.2+ in transit.

  • Access Control: Role-based access controls and multi-factor authentication for all systems.

  • Physical Security: Data centers are secured with biometric scanners and 24/7 surveillance.

  • Monitoring: Continuous monitoring of systems and networks for security incidents.

  • Incident Response: Established procedures for responding to security incidents and data breaches.

Data Subject Rights

We will assist you, insofar as possible, in responding to Data Subject requests for exercising their rights under Applicable Data Protection Laws.

Data Breach Notification

We will notify you without undue delay upon becoming aware of a Personal Data Breach affecting your Personal Data, providing sufficient information to enable you to comply with your obligations.

Deletion or Return of Personal Data

Upon termination of the Principal Agreement, we will, at your choice, delete or return all Personal Data, unless retention is required by law.

Audits and Inspections

We will make available to you all information necessary to demonstrate compliance with this DPA and allow for audits, including inspections, conducted by you or an auditor mandated by you.

Miscellaneous

  • Governing Law: This DPA shall be governed by the laws specified in the Principal Agreement.

  • Liability: The liability provisions of the Principal Agreement apply to this DPA.

Contact Information

For any questions regarding this DPA, please contact:

Annexes

  • Annex 1: List of Authorized Sub-Processors
  • Annex 2: Technical and Organizational Security Measures

Annex 1: List of Authorized Sub-Processors

  1. Amazon Web Services (AWS): Cloud hosting and storage services.
  2. Stripe: Payment processing services.
  3. Google Analytics: Website analytics services.
  4. SendGrid: Email communication services.
  5. Intercom: Customer support and communication services.

Annex 2: Technical and Organizational Security Measures

  • Encryption: Data is encrypted using AES-256 encryption at rest and TLS 1.2+ in transit.
  • Access Control: Role-based access controls and multi-factor authentication for all systems.
  • Physical Security: Data centers are secured with biometric scanners and 24/7 surveillance.
  • Monitoring: Continuous monitoring of systems and networks for security incidents.
  • Incident Response: Established procedures for responding to security incidents and data breaches.