Limited Access·Site is closed for new signups. We'll reopen soon.

AgencyAgency

Data Processing Addendum

Effective: April 26, 2026

This DPA forms part of your Tedigo Agency subscription agreement. By using Tedigo Agency, you accept it for personal data processed by Tedigo on your behalf. We provide a counter-signed PDF on request — email agency@tedigo.net.

1. Definitions

Capitalized terms used but not defined here have the meaning given in the EU General Data Protection Regulation (GDPR) Article 4. "Customer" means the entity that has subscribed to Tedigo Agency. "Tedigo" means Tedigo (the entity providing Tedigo Agency). "Customer Personal Data"means any personal data Tedigo processes on Customer's behalf in connection with Tedigo Agency.

2. Roles

Customer is the controller of Customer Personal Data. Tedigo acts as processor, processing Customer Personal Data only in accordance with Customer's documented instructions (which include the Tedigo Agency subscription agreement and standard product configuration).

3. Scope of processing

  • Subject matter: AI-powered chat and voice receptionist services on Customer's behalf.
  • Duration: The term of the Customer's active Tedigo Agency subscription, plus a 30-day grace period after termination during which Customer may export data.
  • Nature and purpose: Receiving conversation messages and voice audio from Customer's end users, generating AI responses, and storing conversation history. Capturing leads and bookings.
  • Categories of data subjects: Customer's end users (visitors, callers, prospects, customers).
  • Categories of personal data: Names, email addresses, phone numbers, message content, voice audio recordings, transcripts, IP addresses, and any data Customer's end users voluntarily share in conversations.

4. Tedigo's obligations

Tedigo will:

  • Process Customer Personal Data only on Customer's documented instructions.
  • Ensure that personnel authorized to process Customer Personal Data are bound by confidentiality obligations.
  • Implement and maintain appropriate technical and organizational measures, including encryption in transit and at rest, role-based access control, audit logging, and least-privilege access.
  • Assist Customer in responding to data-subject requests (access, deletion, rectification, portability) using Tedigo Agency's built-in export and deletion tools.
  • Notify Customer without undue delay (and within 72 hours where feasible) upon becoming aware of a personal-data breach affecting Customer Personal Data.
  • On termination, delete or return all Customer Personal Data after the 30-day grace period, unless retention is required by law.

5. Subprocessors

Customer authorizes Tedigo to engage the subprocessors listed at /legal/subprocessors. Tedigo will:

  • Maintain that public list and update it when subprocessors change.
  • Provide at least 30 days' advance notice before adding a new subprocessor.
  • Impose contractual data-protection obligations on each subprocessor that are no less protective than this DPA.
  • Remain liable for the acts and omissions of subprocessors as if they were Tedigo's own.

Customer may object to a new subprocessor by email within 30 days of notice. If a commercially reasonable accommodation cannot be reached, Customer may terminate the affected service with a prorated refund.

6. International data transfers

Tedigo's primary processing region is the United States (Hetzner, Ashburn, VA). For Customer Personal Data subject to GDPR, the EU-US Data Privacy Framework (where the relevant subprocessor is DPF-certified) and Standard Contractual Clauses (Module 2 or Module 3, as applicable) apply. EU residency (Hetzner Falkenstein, DE / Helsinki, FI) is available on request.

7. Audit rights

Customer may, on reasonable prior notice (at least 30 days, except in cases of regulatory inquiry), request a written summary of Tedigo's most recent third-party security audit or penetration test. Customer may, no more than once per 12-month period, conduct a remote on-site audit at Customer's expense, scoped to compliance with this DPA, subject to confidentiality and operational-impact protections.

8. Liability

Each party's liability under this DPA is subject to the limitations and exclusions set forth in the Tedigo Agency subscription agreement.

9. Standard Contractual Clauses

Where required for international transfers, the EU Commission's Standard Contractual Clauses (2021/914) are incorporated by reference, with Tedigo as the data importer (Module 2: controller-to-processor, or Module 3: processor-to-processor where the Customer is itself a processor for its own end users). Annexes I, II, and III are populated by reference to: (Annex I) the parties (Customer as identified in the subscription, Tedigo) and the data described in Section 3 above; (Annex II) the security measures described in Section 4 above; (Annex III) the subprocessor list at /legal/subprocessors.

10. Counter-signed copy

Need a counter-signed PDF for procurement or compliance? Email agency@tedigo.net with your company name, address, and DPO contact. We turn these around within one business day.