Data Processing Agreement
Last updated: March 18, 2026
1. Scope
This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Data Controller") and depeshe.ai ("Data Processor"). It governs the processing of personal data that you share with us through CRM integrations and platform usage.
2. Definitions
- Personal Data — any information relating to an identified or identifiable natural person within your CRM records (e.g., contact names, email addresses, phone numbers, company names).
- Processing — any operation performed on personal data, including collection, storage, analysis, and deletion.
- Sub-processor — any third party engaged by depeshe.ai to assist in data processing.
3. Purpose of Processing
We process personal data solely to:
- Provide AI-powered sales analytics, deal scoring, and recommendations.
- Generate daily digests, alerts, and call analysis reports.
- Deliver the features described in our Terms of Service.
4. Data Security Measures
- Encryption in transit (TLS 1.3) and at rest (AES-256).
- Row-level security ensuring data isolation between tenants.
- Access controls with role-based permissions.
- Regular security audits and vulnerability assessments.
- Incident response procedures with 72-hour breach notification.
5. Sub-processors
We use the following sub-processors:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database hosting and authentication | EU / US |
| Vercel | Application hosting | Global CDN |
| OpenAI / Anthropic | AI model inference | US |
We will notify you of any changes to sub-processors at least 30 days in advance.
6. Data Subject Rights
We will assist you in responding to data subject requests (access, rectification, erasure, portability, restriction, and objection) within the timeframes required by applicable law.
7. Data Retention & Deletion
- CRM data is retained for the duration of your active subscription.
- Upon termination, all personal data is deleted within 30 days.
- You may request immediate data deletion at any time via dashboard settings or by contacting us.
8. Breach Notification
In the event of a personal data breach, we will notify you within 72 hours of becoming aware of the breach. The notification will include the nature of the breach, categories of data affected, estimated number of records, and measures taken to address the breach.
9. Compliance
This DPA is designed to comply with Ukrainian data protection legislation and is aligned with GDPR principles. We commit to processing data only as instructed by you and in accordance with applicable law.
10. Contact
Data Protection Contact
Email: dpa@depeshe.ai
Kyiv, Ukraine