Skip to main content

Data Processing Agreement

Last updated: February 1, 2026

Need a signed DPA?

Enterprise customers can request a pre-signed DPA for their records.

Request DPA

Introduction

This Data Processing Agreement ("DPA") forms part of the Agreement between Inteliworks, Inc. ("Processor," "we," "us") and you ("Controller," "Customer") for the provision of AI automation services ("Services").

This DPA applies where and only to the extent that we process Personal Data on your behalf in the course of providing the Services, and such Personal Data is subject to Data Protection Laws.

This DPA is effective as of the date you accept our Terms of Service or otherwise begin using our Services.

1. Definitions

  • "Data Protection Laws" means all applicable laws relating to data protection and privacy, including GDPR, CCPA, and similar regulations.
  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.
  • "Data Subject" means the individual to whom Personal Data relates.
  • "Sub-processor" means any third party engaged by us to process Personal Data on your behalf.
  • "Standard Contractual Clauses" or "SCCs" means the contractual clauses approved by the European Commission for international data transfers.

2. Scope of Processing

2.1 Subject Matter

We process Personal Data to provide AI automation services, including:

  • Processing inputs to AI agents
  • Storing and managing user accounts
  • Executing automated workflows
  • Integrating with third-party services you connect
  • Providing analytics and reporting

2.2 Types of Personal Data

Categories of Personal Data processed may include:

  • Contact information (names, email addresses, phone numbers)
  • Professional information (job titles, company names)
  • Communication content (messages processed by AI agents)
  • Usage data (interactions with the Service)
  • Any other data you input into the Services

2.3 Data Subjects

Data Subjects may include:

  • Your employees and contractors
  • Your customers and prospects
  • Your vendors and partners
  • Any individuals whose data you process through our Services

3. Controller Obligations

As the Controller, you:

  • Determine the purposes and means of processing Personal Data
  • Ensure you have a lawful basis to collect and process Personal Data
  • Obtain all necessary consents from Data Subjects
  • Provide appropriate privacy notices to Data Subjects
  • Ensure the accuracy of Personal Data you provide
  • Comply with all applicable Data Protection Laws
  • Respond to Data Subject requests (with our assistance)
  • Not submit Sensitive Personal Data without additional safeguards

4. Processor Obligations

As the Processor, we shall:

  • Process Personal Data only on your documented instructions
  • Ensure personnel processing data are bound by confidentiality
  • Implement appropriate technical and organizational security measures
  • Assist you with Data Subject rights requests
  • Assist with security incidents and breach notifications
  • Delete or return Personal Data upon termination (at your choice)
  • Make available information to demonstrate compliance
  • Notify you if we believe an instruction violates Data Protection Laws

5. Sub-processors

5.1 Authorized Sub-processors

You authorize us to engage the following categories of sub-processors:

Sub-processor Purpose Location
Supabase Database hosting USA
Ionos Application hosting USA/Global
OpenAI AI processing USA
Anthropic AI processing USA
Stripe Payment processing USA
SendGrid/Resend Email delivery USA

5.2 Sub-processor Changes

We will notify you of any intended changes to sub-processors at least 30 days in advance. You may object to a new sub-processor by notifying us within 14 days. If we cannot reasonably accommodate your objection, you may terminate the affected Services.

5.3 Sub-processor Obligations

We ensure all sub-processors are bound by data protection obligations no less protective than those in this DPA.

6. Security Measures

We implement appropriate technical and organizational measures including:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, multi-factor authentication, least privilege
  • Infrastructure Security: Enterprise-grade security providers, network segmentation
  • Personnel Security: Background checks, security training, NDAs
  • Incident Response: 24/7 monitoring, documented procedures
  • Business Continuity: Regular backups, disaster recovery plans
  • Audit & Logging: Comprehensive logging, regular security assessments

See our Security page for detailed information.

7. Data Subject Rights

We will assist you in fulfilling Data Subject rights requests:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to data portability
  • Right to object to processing
  • Right to restrict processing

If we receive a request directly from a Data Subject, we will promptly forward it to you unless legally prohibited.

8. Data Breach Notification

In the event of a Personal Data breach, we will:

  • Notify you without undue delay (within 72 hours where feasible)
  • Provide details of the breach, including categories and approximate number of affected Data Subjects
  • Describe likely consequences and measures taken to address the breach
  • Cooperate with your investigation and notification obligations
  • Document all breaches and remediation actions

9. International Transfers

For transfers of Personal Data outside the European Economic Area (EEA), UK, or Switzerland, we rely on:

  • Standard Contractual Clauses: EU-approved SCCs are incorporated into this DPA
  • Supplementary Measures: Additional technical and organizational measures as needed
  • Transfer Impact Assessments: Conducted for high-risk transfers

For UK transfers, we use the UK Addendum to the EU SCCs. For Swiss transfers, we apply SCCs as recognized by Swiss authorities.

10. Audit Rights

You may audit our compliance with this DPA by:

  • Reviewing our enterprise security audit report (available upon request under NDA)
  • Reviewing our security certifications and policies
  • Requesting completion of security questionnaires
  • Conducting on-site audits (with reasonable notice, not more than once per year, at your expense)

We may charge reasonable fees for audit assistance beyond standard reporting.

11. Data Retention and Deletion

Upon termination of Services:

  • You may export your data within 30 days
  • We will delete Personal Data within 90 days, unless legally required to retain
  • We will provide certification of deletion upon request
  • Anonymized or aggregated data may be retained for analytics

12. Liability

Each party's liability under this DPA is subject to the limitations set forth in the Agreement. Nothing in this DPA limits liability for:

  • Death or personal injury caused by negligence
  • Fraud or fraudulent misrepresentation
  • Matters that cannot be limited by law

13. Contact

For DPA-related inquiries, contact our Data Protection Officer:

  • Email: dpo@inteliworks.io
  • Address: Inteliworks, Inc., Attn: DPO, 123 Innovation Drive, Wilmington, DE 19801

Related Legal Documents

Privacy Policy GDPR Compliance Security Terms of Service
1
๐Ÿค–
Inteliworks Support
Online โ€ข Replies instantly
๐Ÿค–

Hi there! ๐Ÿ‘‹ I can answer your questions about Inteliworks. What would you like to know?

Common questions:

Powered by AI โ€ข Talk to a human

Talk to Sales Start Free Trial (No Card)
Starting at
$797/mo
Start Free Trial โ†’
No card needed Cancel anytime