— Data Processing Addendum

Last updated:

Company: Alt Deluxe Inc. (DBA )

Address: 2810 North Church Street, Wilmington, Delaware 19802, USA

Email:

This Data Processing Addendum ("DPA") forms part of the Agreement between the Customer ("Controller") and ("Processor"). It applies whenever processes Personal Data on behalf of the Customer.

1. Roles of the Parties

  • The Customer is the Controller.
  • is the Processor.
  • processes Personal Data only to provide the Service and in accordance with the Customer's documented instructions.

2. Purpose of Processing

processes Personal Data solely to:

  • operate and improve the Service,
  • host and store Customer data,
  • run AI-powered chat agents,
  • provide support and security, and
  • manage billing and analytics.

No processing occurs beyond what is needed to deliver the Service.

3. Subprocessors

uses trusted third parties ("Subprocessors"), including:

  • AWS (hosting)
  • Vercel (platform hosting)
  • Resend (emails)
  • Stripe / PayPal (payments)
  • Analytics tools

All Subprocessors are bound by written agreements with data protection obligations that are no less protective than those in this DPA. remains responsible for the performance of its Subprocessors.

4. International Transfers

may transfer Personal Data to the United States and other regions where or its Subprocessors operate.

All such transfers comply with GDPR-approved safeguards, including Standard Contractual Clauses (SCCs) and UK Addendums where required, or other lawful transfer mechanisms.

5. Security

maintains industry-standard security measures designed to protect Personal Data, including:

  • encryption in transit and at rest,
  • access controls,
  • secure hosting infrastructure,
  • rate limiting and abuse prevention, and
  • staff confidentiality obligations.

6. Data Subject Rights

will assist the Customer in responding to requests from data subjects under GDPR or other applicable laws, such as requests for:

  • access,
  • correction,
  • deletion,
  • portability, and
  • objection.

Requests or questions related to data subject rights should be sent to .

7. Data Breaches

If becomes aware of a Personal Data Breach affecting Customer data, will notify the Customer without undue delay and provide available details, consistent with its legal obligations and incident response processes.

8. Data Deletion

When the Agreement between Customer and ends:

  • the Customer may request deletion of all Personal Data processed on its behalf; and
  • will delete such Personal Data within 30 days of the request, unless retention is legally required.

9. CCPA / California Requirements

For California Customers:

  • acts as a "Service Provider".
  • We do not sell or share personal data.
  • We use data only to provide and support the Service.

10. Liability & Conflict

All limitations of liability and disclaimers in the main Agreement between the parties apply equally to this DPA.

In the event of a conflict between this DPA and the Agreement, this DPA will control solely with respect to the processing and protection of Personal Data.

11. Contact

For questions about this DPA or data protection, please contact the Privacy Team:

Email:

Alt Deluxe Inc. (DBA )
2810 North Church Street
Wilmington, Delaware 19802, USA

Data Processing Addendum (DPA) | Chat AgentX