Data Processing Agreement
Last updated: June 4, 2026
1. Introduction
This Data Processing Agreement ("DPA") forms part of the ChatAIWorks Terms of Service and governs the processing of personal data in accordance with GDPR and other applicable data protection laws.
2. Definitions
- Controller: You (the customer), who determine the purposes and means of processing
- Processor: ChatAIWorks, processing data on behalf of the Controller
- Personal Data: Any information relating to an identified or identifiable natural person
- Processing: Any operation performed on personal data
3. Scope and Purpose
ChatAIWorks will process personal data only as necessary to provide the Service and in accordance with your documented instructions.
4. Data Security
We implement appropriate technical and organizational measures:
- Encryption of data in transit and at rest
- Regular security assessments and audits
- Access controls and authentication
- Data minimization and pseudonymization
- Incident response procedures
5. Sub-Processors
We may engage sub-processors to assist in providing the Service. Current sub-processors include:
- Cloud hosting providers (AWS, Google Cloud)
- AI service providers (OpenAI, Voyage AI)
- Payment processors (Stripe)
- Analytics providers
6. Data Subject Rights
We will assist you in responding to data subject requests:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object
7. Data Breach Notification
We will notify you without undue delay upon becoming aware of any personal data breach affecting your data.
8. Data Retention and Deletion
We will retain personal data only as long as necessary for the purposes outlined in our Privacy Policy or as required by law. Upon termination, we will delete or return all personal data within 30 days.
9. Contact
For DPA-related questions: dpo@chataiworks.com