This Data Processing Addendum ("DPA") forms part of the Master Services Agreement, Terms of Service, or Order Form ("Agreement") between Customer ("Data Fiduciary" / "Controller") and HuskyVoiceAI (AppEQ Inc. and/or its affiliates) ("Processor"). This DPA governs the Processing of Personal Data by Processor in connection with the Services. If there is a conflict between the Agreement and this DPA regarding Processing of Personal Data, this DPA shall prevail. Our DPA is designed to support DPDP-aligned data processing where HuskyVoiceAI acts as a Data Processor for customer-configured workflows.
Definitions
Applicable Data Protection Law: The Digital Personal Data Protection Act, 2023 (India) and, where applicable, the EU GDPR / UK GDPR and other applicable privacy laws.
Personal Data: Any data relating to an identified or identifiable natural person processed through the Services.
Processing: Collection, storage, use, transmission, disclosure, access, or deletion of Personal Data.
Services: AI voice automation, call handling, recording, transcription, analytics, and related services provided by Processor.
Data Fiduciary / Controller: The entity that determines the purposes and means of Processing.
Processor: The entity that Processes Personal Data on behalf of the Data Fiduciary / Controller.
Roles of the Parties
2.1 Customer Role: Customer acts as Data Fiduciary / Controller and determines the purposes and means of Processing.
2.2 Processor Role: Processor acts as Data Processor and Processes Personal Data solely on Customer's documented instructions, as necessary to provide the Services, and in accordance with this DPA and Applicable Data Protection Law.
2.3 Documented Instructions: The Agreement and Customer's use of the Services (including configuration of features) constitute Customer's documented instructions to Processor.
Nature and Purpose of Processing
Processing is described in Schedule A – Description of Processing. This includes categories of Personal Data, nature of Processing operations, purposes of Processing, and duration of Processing.
Categories of Personal Data: Call records, caller names, phone numbers, conversation transcripts, audio recordings.
Processing Operations: Collection, transmission, storage, analysis, aggregation, deletion per retention policy.
Purposes: Service delivery, quality improvement, compliance, security, fraud prevention.
Data Residency & Regional Provisioning
Default hosting is India (AWS Mumbai region). Customer accounts may be provisioned in alternate supported regions upon request and subject to availability and additional terms.
Data Storage: MongoDB Atlas (Mumbai region) for structured data; S3 (Mumbai region) for recordings and files.
Transient Processing: AI inference providers may temporarily process data outside India depending on provider location.
Enterprise Options: Contact sales for alternate regional provisioning where supported.
Processor Obligations
Processor commits to:
• Process Personal Data only on documented instructions from Customer
• Implement appropriate technical and organizational security measures (see Section 10)
• Ensure that persons authorized to process Personal Data are bound by confidentiality
• Assist Customer in fulfilling data subject rights requests within legally mandated timeframes
• Permit Customer audits and inspections of compliance with this DPA
• Delete or return Personal Data upon Customer request or Agreement termination
• Notify Customer without undue delay upon discovering a Data Breach (within 24 hours where feasible)
Data Subject Rights
Processor shall, at Customer's request and direction, assist Customer in fulfilling data subject requests for:
• Access to Personal Data (Right to know)
• Correction of inaccurate data
• Deletion of Personal Data (Right to be forgotten) within retention policy limits
• Data portability in standard format
• Objection to processing where applicable
Sub-Processors & Third Parties
Processor may engage Sub-Processors (including cloud providers and AI inference services) to perform specific Processing activities. Current sub-processors include:
Infrastructure: AWS (India and global regions), MongoDB Atlas (data storage)
AI Services: Third-party AI providers for transcription, translation, and voice synthesis (may process outside India)
Communications: Telecom carriers for call routing and transmission
Processor shall notify Customer of any changes to Sub-Processors with at least 30 days' notice.
International Transfers
Where Personal Data is transferred outside India to jurisdictions without equivalent data protection, Processor ensures compliance via Standard Contractual Clauses (SCCs) or equivalent mechanisms as required by applicable law.
Security Measures
Processor implements industry-standard security measures including:
• AES-256 encryption for data at rest
• TLS 1.2+ encryption for data in transit
• Role-based access control (RBAC) and identity management
• Regular penetration testing and vulnerability assessments
• Multi-factor authentication for all administrative access
• Audit logging and monitoring
• Disaster recovery and business continuity plans
Audit & Compliance
Processor maintains compliance documentation and shall provide audit evidence upon reasonable request. Processor undergoes regular security assessments and maintains certifications as applicable.
Data Breach Notification
Processor shall notify Customer without undue delay (typically within 24 hours) upon discovering a Data Breach affecting Personal Data. Notification shall include the nature of the breach, data affected, likely impact, and remedial steps taken.
Termination & Data Deletion
Upon termination or expiration of the Agreement, Processor shall, at Customer's election:
• Delete all Personal Data (except where retention is required by law)
• Return Personal Data to Customer in standard format
• Provide certification of deletion
Contact Information
For questions about this DPA or data processing practices, contact:
Data Protection Officer: dpo@huskyvoice.ai
Legal Inquiries: legal@huskyvoice.ai
Address: AppEQPlus India Pvt Ltd, Bengaluru, Karnataka, India