Data Processing Agreement

Last Updated: February 2026

This Data Processing Agreement ("DPA") forms part of the agreement between DailyBot, Inc. ("Processor") and the customer entity ("Controller") for the provision of DailyBot's services. This DPA governs the processing of personal data by DailyBot on behalf of the Controller.

1. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person processed through the Platform.
  • "Processing" means any operation performed on Personal Data, including collection, storage, use, and deletion.
  • "Data Subject" means the identified or identifiable natural person to whom the Personal Data relates.
  • "Sub-processor" means a third party engaged by DailyBot to process Personal Data on behalf of the Controller.

2. Scope and Purpose

This DPA applies to the processing of Personal Data by DailyBot in the course of providing its team orchestration services. The purpose of processing is to deliver the Platform's features, including check-ins, workflows, analytics, and AI-powered insights.

The categories of Data Subjects include the Controller's employees, contractors, and team members who use the Platform. The types of Personal Data processed include names, email addresses, chat messages, check-in responses, and usage analytics.

3. Data Processing Details

DailyBot processes Personal Data only on documented instructions from the Controller, unless required by applicable law. The duration of processing corresponds to the term of the service agreement plus any retention period required by law.

4. Obligations of DailyBot

DailyBot shall:

  • Process Personal Data only in accordance with the Controller's documented instructions
  • Ensure that personnel authorized to process Personal Data have committed to confidentiality
  • Implement appropriate technical and organizational measures to ensure security of processing
  • Assist the Controller in responding to requests from Data Subjects
  • Notify the Controller without undue delay of any Personal Data breach
  • Delete or return all Personal Data upon termination of the service agreement
  • Make available all information necessary to demonstrate compliance with this DPA

5. Sub-processors

DailyBot may engage Sub-processors to assist in providing the Platform. DailyBot shall maintain a current list of Sub-processors and notify the Controller of any changes. The Controller may object to a new Sub-processor within 30 days of notification.

DailyBot ensures that Sub-processors are bound by data protection obligations no less protective than those in this DPA. DailyBot remains responsible for the acts and omissions of its Sub-processors.

6. Data Subject Rights

DailyBot shall assist the Controller in fulfilling its obligations to respond to Data Subject requests, including requests for access, rectification, deletion, portability, and restriction of processing. DailyBot shall notify the Controller promptly of any request received directly from a Data Subject.

7. Data Breach Notification

DailyBot shall notify the Controller without undue delay, and in any event within 72 hours, after becoming aware of a Personal Data breach. The notification shall include the nature of the breach, categories and approximate number of Data Subjects affected, likely consequences, and measures taken or proposed to address the breach.

8. Data Return and Deletion

Upon termination of the service agreement, DailyBot shall, at the Controller's choice, delete or return all Personal Data within 30 days, unless applicable law requires continued storage. DailyBot shall provide certification of deletion upon request.

9. Audit Rights

DailyBot shall make available to the Controller all information necessary to demonstrate compliance with this DPA and allow for audits and inspections. Audits shall be conducted with reasonable notice and during normal business hours, subject to confidentiality obligations.

10. Governing Law

This DPA shall be governed by and construed in accordance with the laws applicable to the main service agreement between the parties. For EU Data Subjects, EU data protection law shall apply to the extent it provides greater protection.

For questions about this DPA, contact us at: legal@dailybot.com