1. Preamble
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Joaji Inc. ("Processor") and the Customer ("Controller") to reflect the parties' agreement with regard to the processing of personal data.
2. Definitions
"GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council. The terms "Controller", "Processor", "Data Subject", "Personal Data", "Processing", and "Personal Data Breach" shall have the meanings given to them in the GDPR.
3. Processing of Personal Data
The Processor shall process Personal Data only on behalf of the Controller and in accordance with the written instructions of the Controller (including as set forth in the Agreement and this DPA), unless otherwise required by applicable law.
The subject matter, nature, and purpose of the processing, the type of Personal Data, and categories of Data Subjects are set out in Annex 1.
4. Security Measures
The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing.
6. Audit Rights
The Processor shall make available to the Controller on request all information necessary to demonstrate compliance with this DPA, and shall allow for and contribute to audits, including inspections, by the Controller or an auditor mandated by the Controller in relation to the Processing of the Personal Data.
7. Data Subject Rights
The Processor shall, to the extent legally permitted, promptly notify the Controller if it receives a request from a Data Subject to exercise their rights (to access, correct, amend, or delete Personal Data). The Processor shall not respond to any such Data Subject request without the Controller's prior written consent, except to confirm that the request relates to the Controller.
8. Personal Data Breach
The Processor shall notify the Controller without undue delay after becoming aware of a Personal Data Breach affecting the Controller's Personal Data. The Processor shall provide the Controller with sufficient information to allow the Controller to meet any obligations to report or inform Data Subjects of the Personal Data Breach.
9. Term and Termination
This DPA shall remain in effect as long as the Processor processes Personal Data on behalf of the Controller. Upon termination of the Principal Agreement, the Processor shall delete or return all Personal Data to the Controller, at the choice of the Controller, unless applicable law requires storage of the Personal Data.
Annex 1: Details of Processing
- Subject Matter: The subject matter of the data processing is the performance of the Services pursuant to the Agreement.
- Duration: As defined in the Agreement.
- Nature and Purpose: Automated Quality Assurance, Audio Analysis, Transcription, and Analytics.
- Data Categories: Audio recordings, Call transcripts, Metadata (time, duration, agent ID), Customer sentiment data.
- Data Subjects: Customers of the Controller (end-users) and Employees/Agents of the Controller.
Annex 2: Security Measures
- Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Access Control: Role-based access control (RBAC) and Multi-Factor Authentication (MFA) for administrative access.
- Vulnerability Management: Regular penetration testing and automated vulnerability scanning.
- Physical Security: Hosting provider (AWS/GCP/Azure) maintains SOC 2 Type II compliance.
Contact Information
For any inquiries regarding this DPA, please contact us at: support@assureqai.com.