Data Processing Addendum

Last updated: 11 June 2026 · Version 1.0

This DPA forms part of the agreement between TajuAI ("Processor") and the customer ("Controller") whenever TajuAI processes personal data on the Controller's behalf.

1. Subject matter & duration

Processor processes personal data of Controller's leads, contacts, and end-users to operate the Service, for the duration of the subscription.

2. Nature & purpose

Storage, retrieval, AI analysis, generation of outbound messages and calls, billing.

3. Categories of data subjects

Controller's leads, prospects, customers, employees with platform access.

4. Categories of personal data

Identifiers (name, email, phone, company), business contact info, communications history, AI-generated content, technical/usage metadata.

5. Sub-processors

Supabase (EU), Cloudflare (global), Stripe (US/EU), ElevenLabs (US), Twilio (US), Microsoft (US/EU), xAI (US), Google (US/EU). Controller authorises these sub-processors; we will give 30 days' notice before adding a material new one.

6. International transfers

Transfers outside the EEA/UK rely on the EU Standard Contractual Clauses (2021) and UK IDTA where applicable.

7. Security measures

8. Data subject requests

Processor will assist Controller to fulfil access, rectification, erasure, restriction, portability, and objection requests within the time required by law.

9. Personal data breaches

Processor will notify Controller without undue delay after becoming aware of a breach affecting Controller's data.

10. Return / deletion

On termination, Processor will, at Controller's choice, return or delete personal data within 30 days, except where retention is required by law.

11. Audits

Processor will make available the information necessary to demonstrate compliance and allow audits on reasonable notice.

12. Contact

For DPA matters: tajubusiness@gmail.com

Terms · Privacy