This Data Processing Addendum applies where an order form, proposal, invoice, or written agreement says it applies, or where AIGENIZE processes Customer Personal Data as a processor on behalf of a customer.
For AIGENIZE's own website, intake, sales, billing, security, and business administration purposes, AIGENIZE acts as a controller as described in the Privacy Policy.
1. Definitions
- Customer means the business receiving SignalScout services.
- Customer Personal Data means personal data processed by AIGENIZE on behalf of Customer under the relevant agreement.
- Data Protection Laws means the GDPR and other privacy laws that apply to the processing.
- Services means SignalScout opportunity profile creation, public signal monitoring, reporting, outreach draft preparation, quality assurance, and related support.
2. Roles
Customer is the controller or processor, as applicable, for Customer Personal Data. AIGENIZE acts as processor when it processes Customer Personal Data on Customer's documented instructions.
AIGENIZE may also act as an independent controller for limited purposes such as account administration, billing, security, legal compliance, and product relationship management.
3. Processing details
| Item | Description |
|---|---|
| Subject matter | Processing Customer Personal Data to configure the opportunity profile, research public business signals, prepare source-linked reports, draft outreach angles, and provide support. |
| Duration | For the term of the services and any retention period required by the agreement, law, security, or dispute handling. |
| Data subjects | Customer staff, customer representatives, prospects, suppliers, public officials in tender contexts, business contacts, and other individuals appearing in business sources or customer-provided context. |
| Data categories | Names, work emails, job titles, company affiliations, public business signals, source URLs, professional context, communications, notes, and report content. |
| Sensitive data | The service is not designed for special-category data, children's data, passwords, secrets, or payment card data. Customer must not submit those categories unless separately agreed in writing. |
4. Processor obligations
- Process Customer Personal Data only on documented instructions unless law requires otherwise.
- Ensure personnel and contractors who access Customer Personal Data are bound by confidentiality obligations.
- Maintain appropriate technical and organisational measures for the nature of the processing.
- Assist Customer with data subject requests, security, breach response, DPIAs, and regulator communications where reasonably required and legally applicable.
- Delete or return Customer Personal Data after service end, unless retention is required by law, security, backups, dispute handling, or agreed retention periods.
5. Sub-processors
Customer authorises AIGENIZE to use sub-processors needed to provide SignalScout. AIGENIZE remains responsible for sub-processor performance of processor obligations.
| Category | Purpose |
|---|---|
| Hosting and deployment providers | Website, API, application delivery, logs, and security. |
| Database and queue providers | Intake storage, job queues, status tracking, and operational records, including Supabase where configured. |
| Email and communications providers | Confirmation emails, service messages, reports, and support communications. |
| AI, search, research, and automation providers | Source review, summarisation, classification, scoring assistance, drafting, and workflow automation. |
| Professional service providers | Legal, accounting, security, and operational support. |
6. International transfers
If processing involves a transfer outside the European Economic Area, AIGENIZE will use a lawful transfer mechanism where required, such as adequacy decisions, standard contractual clauses, or another valid safeguard.
7. Security incidents
AIGENIZE will notify Customer without undue delay after becoming aware of a personal data breach affecting Customer Personal Data and will provide information reasonably available to help Customer meet its legal obligations.
8. Audits and information
AIGENIZE will make information reasonably necessary to demonstrate compliance with this DPA available to Customer. Audits must be reasonable, proportionate, scheduled in advance, and subject to confidentiality and security requirements.
9. Conflict
If this DPA conflicts with another agreement between the parties, the order of precedence is the signed agreement, then this DPA, then other website terms, unless the signed agreement says otherwise.