AURA AGENTS

Data Processing Addendum

Our processor commitments for client (end-customer) data.

LAST UPDATED — 17 JUNE 2026

1. Roles

For personal data of end-customers processed through the agents, the client is the controller and AURA Agents is the processor. This DPA forms part of the agreement.

2. Scope & instructions

We process personal data only to provide the service and per the client's documented instructions, and as required by law.

3. Confidentiality

Personnel with access are bound by confidentiality and least-privilege access.

4. Security

We maintain technical and organizational measures: encryption in transit/at rest, access controls, tenant isolation by client, audit logging, and backups.

5. Subprocessors

We use vetted subprocessors to operate the service, under contract. The client authorizes their use; we impose data-protection terms on each and remain responsible for their performance. A current list is available to clients on request, and we'll give notice of material changes.

6. Data-subject requests

We assist the client in responding to access/deletion/correction requests and, where applicable, provide self-service export/delete.

7. Breach notification

We notify the client without undue delay after becoming aware of a personal-data breach affecting their data.

8. International transfers

Where data crosses borders, we use appropriate safeguards (e.g. SCCs) as required by GDPR/UK-GDPR; PDPL/DPDP equivalents apply for those regions.

9. Return & deletion

On termination, we delete or return personal data per the agreement, subject to legal retention.

10. Audit

We make available information needed to demonstrate compliance and support reasonable audits, subject to confidentiality.