Data Processing Addendum
Our processor commitments for client (end-customer) data.
LAST UPDATED — 17 JUNE 2026
1. Roles
For personal data of end-customers processed through the agents, the client is the controller and AURA Agents is the processor. This DPA forms part of the agreement.
2. Scope & instructions
We process personal data only to provide the service and per the client's documented instructions, and as required by law.
3. Confidentiality
Personnel with access are bound by confidentiality and least-privilege access.
4. Security
We maintain technical and organizational measures: encryption in transit/at rest, access controls, tenant isolation by client, audit logging, and backups.
5. Subprocessors
We use vetted subprocessors to operate the service, under contract. The client authorizes their use; we impose data-protection terms on each and remain responsible for their performance. A current list is available to clients on request, and we'll give notice of material changes.
6. Data-subject requests
We assist the client in responding to access/deletion/correction requests and, where applicable, provide self-service export/delete.
7. Breach notification
We notify the client without undue delay after becoming aware of a personal-data breach affecting their data.
8. International transfers
Where data crosses borders, we use appropriate safeguards (e.g. SCCs) as required by GDPR/UK-GDPR; PDPL/DPDP equivalents apply for those regions.
9. Return & deletion
On termination, we delete or return personal data per the agreement, subject to legal retention.
10. Audit
We make available information needed to demonstrate compliance and support reasonable audits, subject to confidentiality.