Data Processing Addendum

Roles

Customer is the controller. Neuralicity is the processor.

Purpose

Neuralicity processes Customer Personal Data to provide the services described in the Terms.

Categories of data

Contact information. Call metadata. Optional transcripts and recordings if enabled by Customer. No special category data is required for the base service.

Subprocessors

Neuralicity may use vetted subprocessors for hosting, telephony, speech services, and monitoring. A current list is available upon request. Neuralicity will notify Customer of material changes.

Security

Neuralicity implements technical and organizational measures including access controls, encryption in transit and at rest where feasible, least privilege, and logging.

International transfers

If data is transferred internationally, appropriate safeguards such as Standard Contractual Clauses will apply.

Assistance

Neuralicity will assist Customer with data subject requests and security incident notifications as required by law.

Retention and deletion

Upon termination or upon written request, Neuralicity will delete or return Customer Personal Data, subject to legal retention obligations and backup cycles.

Audits

Customer may request a summary of Neuralicity’s security controls and certifications. Formal audits require reasonable notice and may be limited to protect confidentiality.