DATA PROCESSING AGREEMENT

In this DPA, "Customer" means the entity that has agreed to the Terms of Service; "Processor" means Agora; "Personal Data" means data processed on behalf of Customer; "Sub-processor" means any third party engaged by Processor. Terms not defined here have the meaning given in the GDPR or applicable law.

This DPA applies when Agora processes Personal Data on behalf of Customer in connection with the services. It supplements the Terms of Service and applies to the extent that processing is subject to GDPR or equivalent data protection law.

Agora processes Personal Data only on documented instructions from Customer, unless required by law. Customer instructs Agora to process data as necessary to provide the AI marketing platform, including agent execution, task management, and integrations.

Agora ensures that personnel authorized to process Personal Data are bound by confidentiality obligations. Access is limited to those who need it to perform the services.

Agora implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and regular assessments. See our Security page for details.

Agora may engage Sub-processors (e.g., cloud hosting, AI providers) to process Personal Data. We maintain a list of Sub-processors and will notify Customer of changes. Customer may object to new Sub-processors on reasonable grounds.

Agora assists Customer in responding to requests from data subjects (access, rectification, erasure, restriction, portability, objection). Customer is responsible for verifying the requester's identity. We will respond to Customer's requests within a reasonable time.

In the event of a personal data breach, Agora will notify Customer without undue delay and provide information necessary for Customer to meet its breach notification obligations. We will take steps to mitigate the breach and document the incident.

Customer may request information necessary to demonstrate compliance with this DPA. Agora will participate in audits by providing documentation and, where required, allowing inspections, subject to confidentiality and reasonable notice.

Upon termination of services, Agora will delete or return Personal Data as instructed by Customer, unless retention is required by law. Deletion will be completed within the timeframe specified in the Terms or as agreed.