Data Processing Addendum (DPA)
Last updated: October 12, 2025
This Data Processing Addendum ("DPA") is part of the agreement between you ("Customer") and ReplyBotz, LLC ("ReplyBotz," "we," "us," or "our") and applies whenever we process personal data on your behalf.
This DPA reflects our mutual understanding of data privacy, protection, and compliance, especially with the General Data Protection Regulation (GDPR), the UK Data Protection Act, and the California Consumer Privacy Act (CCPA).
1. Roles and Responsibilities
- You (the Customer) act as the Data Controller: you decide what data is collected, how it's used, and why.
- We (ReplyBotz) act as the Data Processor: we process personal data only on your instructions, and only as needed to deliver our services.
2. Types of Personal Data We May Process
Depending on how you use our services, we may process data such as:
- Names, emails, phone numbers (e.g., leads captured through your bot)
- Business contact details (e.g., your customer or client records)
- Chat conversations, form entries, and appointment bookings
- Location/IP information for analytics or integrations
We do not intentionally collect sensitive categories of data (e.g., health, biometric, or government ID numbers).
3. How We Use the Data
We process personal data solely to:
- Deliver and support the ReplyBotz services
- Troubleshoot issues, provide customer support, or improve performance
- Support integrations (e.g., with CRMs, email platforms, or webhooks)
- Comply with our legal obligations
We do not sell or share your customer data for advertising or marketing purposes.
4. Your Instructions
We only process personal data in accordance with your written instructions, usually through:
- Platform settings or actions (e.g., building a chatbot, uploading training data)
- Direct communication with our team (e.g., when requesting support or services)
If we're required to process data by law, we'll let you know (unless prohibited by law).
5. Subprocessors
We use trusted third-party tools ("subprocessors") to help deliver our services. These may include:
- OpenAI (AI response generation)
- Google (cloud services and analytics)
- Stripe (payment processing)
- HubSpot, Mailchimp, etc. (only if integrated by customer)
- Web hosting, backup, or security platforms
We ensure all subprocessors are contractually bound to keep your data secure and private.
A full list of subprocessors is available on request.
6. Data Security
We take security seriously. Measures include:
- Encryption in transit and at rest
- Firewalled infrastructure and secure hosting
- Access control and authentication
- Regular updates and security audits
If there's ever a data breach involving your information, we'll notify you promptly with full details and next steps.
7. Data Subject Rights
If one of your customers or users asks to:
- Access their data
- Correct or update their info
- Delete their data ("right to be forgotten")
- Restrict or object to processing
...we'll help you fulfill that request, as required under GDPR or CCPA. You're responsible for responding to the request; we'll support you behind the scenes.
8. Data Transfers
If we transfer personal data outside the EU/UK, we ensure it's protected using:
- Standard contractual clauses (SCCs)
- Other safeguards permitted under GDPR
9. Data Retention and Deletion
We keep personal data only as long as necessary to deliver your services. Once you close your account or request deletion, we'll securely delete all associated personal data within 30 days, unless legally required to retain it longer.
10. Termination
If our service agreement ends, this DPA stays in effect until all personal data has been securely deleted.
Questions?
We're here to help. If you have questions or requests related to data protection, email us at legal@replybotz.com
