Replyot LogoReply Pilot
Start free

Data Processing Agreement (DPA)

Replyot
Effective Date: April 21, 2026

1. Parties

This Data Processing Agreement ("DPA") is entered into between:

  • Customer (Controller)
  • Replyot (Processor)

This DPA forms part of the Terms & Conditions.

2. Purpose

Replyot processes personal data on behalf of the Customer to provide AI communication and automation services.

3. Scope of Processing

3.1 Subject Matter

Processing of customer communication data via chat, messaging, and automation systems.

3.2 Types of Data

  • Names
  • Contact details
  • Messages and conversation data
  • Customer-provided information

3.3 Data Subjects

  • End-users of the Customer
  • Website visitors
  • Customers and leads

4. Obligations of Replyot (Processor)

Replyot shall:

  • Process data only on documented instructions
  • Ensure confidentiality of personnel
  • Implement appropriate technical and organizational measures
  • Assist the Customer in fulfilling GDPR obligations
  • Notify of data breaches without undue delay

5. Security Measures

Replyot implements:

  • Encryption (in transit and at rest where applicable)
  • Access controls
  • Secure infrastructure (cloud-based)
  • Monitoring and logging

6. Subprocessors

Replyot may use subprocessors (e.g., hosting providers, AI services).

  • Subprocessors are bound by data protection obligations
  • A list will be provided upon request

7. Data Transfers

Where data is transferred internationally, Replyot ensures safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Secure processing environments

8. Data Subject Rights

Replyot assists Customers in responding to:

  • Access requests
  • Deletion requests
  • Data portability
  • Objections to processing

9. Data Breach Notification

In case of a personal data breach:

  • Replyot will notify the Customer without undue delay
  • Provide relevant details for compliance

10. Data Retention and Deletion

  • Data is retained only as necessary
  • Upon termination, data will be deleted or returned upon request

11. Audits

Customers may request reasonable information to verify compliance.

12. Liability

Each party is responsible for its own compliance obligations under applicable data protection laws.

13. Governing Law

This DPA is governed by the laws of Bangladesh, subject to applicable international data protection regulations.

14. Contact

For data protection inquiries:
Email: support@replyot.com