Skip to content
Home › Legal & Trust Center › Data Processing Addendum

Legal & Trust

Data Processing Addendum

Contractual terms that apply when a business client instructs us to process personal data — for example, their customers' names, numbers, or conversation content — through a custom AI agent we operate for them.

Last updated: Effective: Calculating…

On this page

  • Scope
  • Definitions
  • Roles of the parties
  • Client instructions
  • Confidentiality
  • Security measures
  • Subprocessors
  • International transfers
  • Data subject requests
  • Security incidents
  • Audits & information requests
  • Data return & deletion
  • Processing details
  • Categories of data subjects
  • Types of personal data
  • Nature & purpose of processing
  • Duration of processing
  • Contact details

1. Scope

This Data Processing Addendum ("DPA") describes how AI Agent Mindset handles personal data that a business client ("Client") asks us to process while we build, host, or operate a custom AI voice agent, WhatsApp agent, chatbot, or related automation on the Client's behalf. It supplements our Terms of Service or a signed statement of work, and applies only to the extent we process personal data as the Client's service provider/processor — it does not apply to our own website visitors and leads, which are covered by our Privacy Policy instead.

2. Definitions

"Personal data," "processing," "controller," and "processor" (or "business" and "service provider," depending on applicable law) have the meanings given to them under applicable data protection law, including India's Digital Personal Data Protection Act, the GDPR/UK GDPR, and relevant US state privacy laws, whichever applies to the Client's use of our services.

3. Roles of the Parties

The Client is the controller/business with respect to its end customers' personal data. AI Agent Mindset acts as processor/service provider, processing that data only to deliver the agreed AI automation services and only on the Client's documented instructions, except where we're required to do otherwise by law.

4. Client Instructions

The Client's instructions are set out in the applicable statement of work, agent configuration, and this DPA. We will notify the Client if, in our reasonable opinion, an instruction appears to violate applicable data protection law.

5. Confidentiality

We restrict access to Client personal data to personnel and contractors who need it to perform the services, and we bind them to confidentiality obligations at least as protective as those in this DPA.

6. Security Measures

We apply technical and organizational measures appropriate to the nature of the personal data and the risk involved, consistent with our Security & Trust page. We do not claim a specific third-party security certification unless separately confirmed in writing.

7. Subprocessors

We use subprocessors (such as cloud hosting, AI model, telephony, or messaging providers) to deliver the services. The specific subprocessors engaged for a given deployment depend on the technology stack agreed for that project.

Verified subprocessor list, on request

Rather than publish a generic subprocessor list that may not reflect a specific engagement, we maintain (or will maintain, as we formalize this process) an up-to-date subprocessor list per Client engagement, available on request and updated when a new subprocessor is added. We'll give reasonable notice of new subprocessors so the Client can object on legitimate data-protection grounds.

8. International Transfers

Where personal data is transferred outside the country in which it was collected, we rely on the transfer mechanisms available from our subprocessors (such as standard contractual clauses) and take into account applicable restrictions under the Client's governing data protection law.

9. Data Subject Requests

Where we receive a request from one of the Client's end customers to access, correct, or delete their personal data, we will promptly forward it to the Client and reasonably assist the Client in responding, since the Client — not us — is generally best placed to verify and act on the request.

10. Security Incidents

If we become aware of a security incident affecting Client personal data we process, we will notify the Client without undue delay after becoming aware, and provide information reasonably available to us to help the Client meet its own notification obligations.

11. Audits and Information Requests

We will make available information reasonably necessary to demonstrate compliance with this DPA and, on reasonable prior notice, allow the Client (or an appointed auditor, subject to confidentiality) to conduct an audit of relevant processing activities, to the extent required by applicable law or the parties' written agreement.

12. Data Return and Deletion

On termination of the applicable services, we will, at the Client's choice, delete or return personal data processed on the Client's behalf, except where retention is required by law or for legitimate business archival/legal purposes for a limited period.

13. Processing Details

The sections below describe, at a general level, the categories of data subjects, personal data, and processing activities typically involved in our AI automation services. The specific details for a given engagement are confirmed in that Client's statement of work.

14. Categories of Data Subjects

  • The Client's customers, leads, and prospects who call, message, or chat with the AI agent
  • The Client's employees or contractors who configure, monitor, or use the agent/dashboard
  • Visitors to a website where a client chatbot is embedded

15. Types of Personal Data

  • Contact details (name, phone/WhatsApp number, email)
  • Conversation content and call transcripts, and audio recordings where enabled
  • Appointment and scheduling details
  • Lead-qualification responses (e.g. budget, timeline, product interest)
  • CRM record identifiers and related fields the Client chooses to sync

16. Nature and Purpose of Processing

  • Receiving and responding to inbound calls, messages, and chats
  • Generating transcripts and conversation summaries
  • Qualifying leads and scoring intent
  • Booking, confirming, and rescheduling appointments
  • Sending confirmations, reminders, and follow-up messages
  • Updating CRM records with conversation outcomes
  • Retrieving information from the Client's knowledge base to answer questions
  • Generating usage analytics and reporting for the Client

17. Duration of Processing

Processing continues for the term of the applicable services agreement, plus any post-termination retention/return period agreed with the Client or required by law.

18. Contact Details

Questions about this DPA or a request for the current subprocessor list for your engagement can be sent to .

Related policies

Privacy Policy
Controller vs. processor roles
Security & Trust
Security measures in detail
Last updated
Reading timeCalculating…
Request subprocessor list WhatsApp us
AI Agent Mindset

AI Voice & WhatsApp agents for businesses globally — deployed in 72 hours.

Industry Solutions

  • Real Estate
  • Clinics & Healthcare
  • Coaching & Ed-Tech
  • Restaurants
  • Insurance

Resources

  • Blog
  • All Services
  • Voice Agent Demo
  • WhatsApp Demo

Company

  • Home
  • Testimonials
  • FAQ
  • Contact
Privacy Policy Terms of Service Cookie Policy AI Transparency Security Legal & Trust Center
© 2026 AI Agent Mindset. All rights reserved.support@aiagentmindset.com · +91 72757 80348