Data Processing Agreement
Transparency in how we handle your data.
This Data Processing Agreement (DPA) describes how Dainin AI processes personal data on behalf of its customers, and the measures in place to support GDPR compliance and data protection obligations.
Agreement Scope
Scope
This DPA covers the following areas of data processing performed by Dainin AI on behalf of the customer.
Processing
How personal data is processed on behalf of the customer.
Security
Technical and organisational measures to protect personal data.
Subprocessors
Third-party providers involved in data processing.
Data Subject Rights
Supporting access, rectification, erasure, and portability requests.
Breach Response
Notification obligations in the event of a personal data breach.
Retention
Data retention periods and deletion upon termination.
GDPR Roles
Roles and Responsibilities
Customer (Controller)
- Determines the purpose and means of processing
- Provides lawful basis for data processing
- Responsible for data subject communications
- Instructs Dainin AI on processing activities
Dainin AI (Processor)
- Processes data only on documented instructions
- Implements appropriate security measures
- Engages subprocessors with equivalent obligations
- Assists with data subject rights and breach response
Data Scope
Categories of Data
Contact Information
Names, email addresses, job titles, company names
Account management and service delivery
Communication Data
Email metadata, calendar events, meeting transcripts (where enabled)
AI-powered analysis and workflow automation
Operational Data
CRM records, pipeline data, engagement metrics
Revenue operations and performance intelligence
Lawful Basis
Processing Purpose
Personal data is processed solely for the purpose of delivering the Dainin AI platform services as instructed by the customer.
- AI-powered analysis of customer communications and operational data
- Revenue intelligence, pipeline analysis, and performance insights
- Workflow automation and task management
- Account and user management within the platform
- Service improvement based on aggregated, de-identified usage patterns
Technical Controls
Data Security Measures
Dainin AI implements appropriate technical and organisational measures to ensure the security of personal data processed on behalf of its customers.
- Encryption at rest and in transit (AES-256, TLS 1.2+)
- Role-based access controls with least-privilege enforcement
- Regular security assessments and vulnerability management
- Audit logging and monitoring of data access
- Incident detection, response, and notification procedures
- Secure development lifecycle practices
Third Parties
Subprocessors
Dainin AI may engage subprocessors to assist in delivering the platform services. All subprocessors are subject to equivalent data protection obligations.
- Subprocessors are evaluated for security and privacy before engagement
- Contractual obligations require equivalent data protection standards
- Customers are notified of changes to the subprocessor list
- Customers may object to new subprocessors within a reasonable timeframe
Cross-Border
International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), appropriate safeguards are implemented in accordance with GDPR requirements.
- Standard Contractual Clauses (SCCs) as approved by the European Commission
- Data processing agreements with all subprocessors involved in cross-border transfers
- Technical measures including encryption and access controls for data in transit
- Regular assessment of transfer mechanisms and adequacy decisions
Data Lifecycle
Data Retention & Deletion
Personal data is retained only for as long as necessary to provide the services. Upon termination, data is deleted or returned in accordance with the agreement.
- Data retained for the duration of the service agreement
- Deletion of customer data within 30 days of contract termination
- Option to export data in standard formats before deletion
- Backup data purged according to documented retention schedules
- Confirmation of deletion provided upon request
Individual Rights
Data Subject Rights
Access
Right to obtain confirmation of processing and access to personal data.
Rectification
Right to correct inaccurate or incomplete personal data.
Erasure
Right to request deletion of personal data where applicable.
Restriction
Right to restrict processing in certain circumstances.
Portability
Right to receive personal data in a structured, machine-readable format.
Dainin AI assists the customer in responding to data subject requests. Requests should be directed to the customer as the data controller.
Breach Response
Security Incidents
In the event of a personal data breach, Dainin AI will notify the customer without undue delay and provide the information necessary to fulfil regulatory obligations.
Breach Notification Commitments
- Notification to the customer without undue delay upon becoming aware of a breach
- Description of the nature of the breach, categories and approximate number of data subjects affected
- Contact point for further information and recommended measures
- Cooperation with the customer in investigating and mitigating the breach
- Documentation of all breaches including facts, effects, and remedial actions taken
Questions?
DPA & Data Protection Inquiries
To request a signed copy of our DPA or for data protection inquiries, please contact our security team.
security@dainin.ai