Clear Responsibilities

Data Processing Agreement

Our comprehensive DPA ensures GDPR compliance and protects your data processing activities with InsertChat.

This Data Processing Agreement ("DPA") forms part of the Terms of Service between InsertChat, Inc. ("InsertChat," "we," "us," or "Data Processor") and the customer ("Customer," "you," or "Data Controller") using InsertChat's services.

1. Definitions

In this DPA, the following terms have the meanings set out below:

  • "Data Protection Law" means applicable data protection and privacy laws, including GDPR, CCPA, and other applicable regulations.
  • "Personal Data" means any information relating to an identified or identifiable natural person that is processed by InsertChat on behalf of Customer.
  • "Processing" has the meaning given to it in the GDPR and includes the processing of Personal Data in connection with the Services.
  • "Services" means the InsertChat platform and related services provided to Customer.
  • "Sub-processor" means any third party engaged by InsertChat to process Personal Data on behalf of Customer.

2. Processing of Personal Data

2.1 Scope and Nature of Processing

InsertChat will process Personal Data as follows:

  • Subject matter: Provision of AI agent and customer support services
  • Duration: For the term of the agreement and as required for legal obligations
  • Purpose: To provide the Services as described in the Terms of Service
  • Nature of processing: Collection, recording, storage, analysis, retrieval, and deletion

2.2 Categories of Data Subjects

  • Customer's end users and website visitors
  • Customer's employees and representatives
  • Customer's customers and prospects

2.3 Categories of Personal Data

  • Contact information (name, email, phone number)
  • Communication data (chat messages, conversation history)
  • Technical data (IP address, browser information, device identifiers)
  • Usage data (interaction patterns, timestamps, session data)

3. Customer Obligations

Customer warrants and undertakes that:

  • It has all necessary rights and consents to provide Personal Data to InsertChat for processing
  • It has provided appropriate privacy notices to data subjects
  • It will comply with all applicable Data Protection Laws
  • It will not provide sensitive personal data unless specifically agreed in writing
  • It will promptly notify InsertChat of any data subject requests or complaints

4. InsertChat Obligations

InsertChat undertakes to:

  • Process Personal Data only in accordance with Customer's documented instructions
  • Ensure that persons processing Personal Data are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Not engage sub-processors without prior notification and appropriate safeguards
  • Assist Customer in responding to data subject requests
  • Notify Customer without undue delay of any personal data breaches
  • Delete or return Personal Data upon termination of services

5. Security Measures

5.1 Technical Measures

  • 256-bit AES encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication for system access
  • Regular security monitoring and intrusion detection
  • Secure software development lifecycle

5.2 Organizational Measures

  • Role-based access controls and principle of least privilege
  • Regular employee security training and background checks
  • Incident response and business continuity procedures
  • Regular security audits and penetration testing
  • Enterprise security certification and compliance monitoring

6. Sub-processors

6.1 Authorized Sub-processors

Customer provides general authorization for InsertChat to engage sub-processors. Current sub-processors include:

Sub-processorPurpose
HetznerCloud infrastructure and hosting
CloudflareCloud infrastructure and hosting
StripePayment processing
AWSEmail delivery

6.2 Sub-processor Changes

InsertChat will provide 30 days' prior notice of any changes to sub-processors. Customer may object to new sub-processors within 30 days of notification.

7. International Data Transfers

Personal Data may be transferred to and processed in countries outside the European Economic Area. InsertChat ensures adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Additional safeguards as required by applicable law
  • Data localization options for customers with specific requirements

8. Data Subject Rights

InsertChat will assist Customer in fulfilling data subject rights requests, including:

  • Access to personal data
  • Rectification of inaccurate data
  • Erasure of personal data
  • Restriction of processing
  • Data portability
  • Objection to processing

Customer remains responsible for responding to data subject requests and will provide necessary instructions to InsertChat within a reasonable timeframe.

9. Data Breach Notification

In the event of a personal data breach, InsertChat will:

  • Notify Customer without undue delay and within 72 hours of becoming aware
  • Provide all relevant information about the breach
  • Take immediate steps to contain and remediate the breach
  • Assist Customer in any required notifications to supervisory authorities
  • Cooperate with Customer's investigation and response efforts

10. Audits and Compliance

10.1 Regular Audits

InsertChat undergoes regular third-party security audits and maintains enterprise security certification. Audit reports are available to customers upon request under appropriate confidentiality agreements.

10.2 Customer Audits

Customer may conduct audits of InsertChat's processing activities upon reasonable notice and at Customer's expense, subject to confidentiality obligations and operational requirements.

11. Data Retention and Deletion

InsertChat will retain Personal Data only for as long as necessary to provide the Services and comply with legal obligations. Upon termination of the agreement:

  • Customer data will be made available for export for 30 days
  • All Personal Data will be securely deleted within 90 days
  • Deletion will be certified upon Customer request
  • Legal hold requirements will be respected where applicable

12. Liability and Indemnification

Each party's liability under this DPA is subject to the limitations set forth in the Terms of Service. InsertChat will indemnify Customer against claims arising from InsertChat's non-compliance with this DPA, subject to:

  • Customer providing prompt notice of any claims
  • Customer cooperating with InsertChat's defense
  • InsertChat having sole control of the defense and settlement

13. Term and Termination

This DPA comes into effect on the effective date and remains in force for the duration of the Terms of Service. The DPA will automatically terminate upon expiration or termination of the Terms of Service, except for obligations that survive termination.

How We Protect Your Data

We implement industry-leading security measures to ensure your data remains safe and private.

European Servers

EU Data Centers

Zero-Knowledge

End-to-End Encryption

24/7 Monitoring

Threat Detection

Regular Audits

Security Testing

Ready to transform your entire business?

Join leading enterprises that use InsertChat to revolutionize team productivity and customer interactions

Start your trial today

No credit card required • Setup in 5 minutes your AI Workspace & AI Agents