Data Processing Addendum
Plain-English summary (not part of the DPA): When your callers’ personal information flows through our system, you (the Customer) are the data controller and we (Safigo) are the processor / service provider. This DPA spells out what each side does, who our sub-processors are, how we handle data subject requests, and what happens in a breach. It is structured to satisfy PIPEDA, BC PIPA, the CCPA/CPRA “service provider” requirements, and most other US state privacy laws.
1. Parties; relationship to the Terms
This Data Processing Addendum (“DPA”) is entered into between Fabio R. B. Carli, sole proprietor doing business as Safigo (“Safigo”) and the customer accepting the Terms of Service (“Customer”). It supplements, and is incorporated into, the Terms of Service. If there is a conflict between this DPA and the Terms about the processing of personal information, this DPA controls.
Capitalized terms not defined here have the meanings given in the Terms.
2. Definitions
For this DPA:
- “Personal Information” means any information about an identified or identifiable individual, including data described in PIPEDA, the BC PIPA, the CCPA/CPRA, the Virginia VCDPA, the Colorado CPA, and other applicable Privacy Laws.
- “Privacy Laws” means all laws and regulations applicable to the processing of Personal Information, including PIPEDA, BC PIPA, Quebec Law 25, CCPA/CPRA, VCDPA, CPA, CDPA, UCPA, and the privacy laws of Texas, Oregon, Montana, Delaware, Indiana, Iowa, Tennessee, New Hampshire, New Jersey, Kentucky, Maryland, Minnesota, Nebraska, Rhode Island, and any other US state with a comprehensive privacy law in force.
- “Customer Personal Information” means Personal Information that Customer (or its End Callers) provides to or through the Service, including call audio, transcripts, caller phone numbers, booking details, and SMS messages.
- “Sub-processor” means a third party engaged by Safigo to process Customer Personal Information.
- “Process”, “Processing”, “Controller”, “Processor”, “Service Provider”, “Business”, “Data Subject”, and “Personal Data Breach” have the meanings given by applicable Privacy Laws (we use the terms interchangeably as context requires).
3. Roles and scope
3.1. Customer is the Controller / Business of Customer Personal Information. Safigo is the Processor / Service Provider and processes Customer Personal Information only on Customer’s documented instructions and as needed to provide the Service.
3.2. The Terms of Service, this DPA, and Customer’s configuration of the Service constitute Customer’s documented instructions. Additional written instructions must be reasonably feasible and at Customer’s expense.
3.3. Subject matter and purpose of Processing: providing the Service (AI voice receptionist, call handling, recording, transcription, booking workflows, SMS confirmations).
3.4. Duration: for as long as Customer’s account is active, plus any retention period required by applicable law or set out in the Privacy Policy.
3.5. Categories of Data Subjects: End Callers (members of the public who phone Customer’s business), Customer’s authorized users, and Customer’s contacts (employees or agents of Customer).
3.6. Categories of Personal Information: contact information (name, phone number, email, address); voice audio and recordings; transcripts; booking details (service requested, urgency, notes); SMS message content; call metadata (duration, time, outcome).
3.7. Sensitive Personal Information: by default, Customer instructs Safigo not to process Sensitive Personal Information (as defined under the CCPA/CPRA or comparable laws), Protected Health Information (HIPAA), or financial-account credentials. If Customer’s callers volunteer such information during a call, Customer remains the Controller and is responsible for handling it under applicable law; Safigo will process it only as part of the inbound-call recording and transcript and will retain it under the standard retention schedule.
4. Safigo’s obligations as Processor / Service Provider
Safigo will:
a. Process Customer Personal Information only on Customer’s documented instructions and only to provide the Service, except where required by law (in which case Safigo will notify Customer where lawful); b. Not “sell” or “share” Customer Personal Information within the meaning of the CCPA/CPRA or other Privacy Laws; c. Not retain, use, or disclose Customer Personal Information for any purpose other than performing the Service, complying with law, providing the Business Purpose specified in this DPA, or as expressly authorized by Customer (CCPA Service Provider language); d. Not retain, use, or disclose Customer Personal Information outside the direct business relationship between Safigo and Customer (CCPA); e. Not combine Customer Personal Information with personal information received from other sources except as expressly permitted under CCPA Regulations § 7050(b); f. Inform Customer if, in Safigo’s opinion, an instruction infringes Privacy Laws (without obligation to provide legal advice); g. Ensure personnel authorized to Process Customer Personal Information are subject to confidentiality obligations; h. Implement and maintain the security measures described in Section 7; i. Assist Customer with data subject requests, security and breach notifications, data protection assessments, and similar obligations to the extent the Service makes such assistance reasonably feasible; j. Delete or return Customer Personal Information at the end of the Service per Section 9; k. Make available information necessary to demonstrate compliance with this DPA per Section 8.
5. Customer’s obligations as Controller
Customer will:
a. Be responsible for the lawfulness of the Personal Information it provides and for the lawful basis for Processing; b. Provide all required notices and obtain all required consents from End Callers, including recording-disclosure, AI-disclosure, and privacy-notice obligations; c. Process and instruct Safigo to Process Personal Information only in accordance with applicable Privacy Laws; d. Configure the Service securely (including credential hygiene, forwarding configuration, retention settings); e. Promptly forward to Safigo any Data Subject request that Safigo is best positioned to respond to as Processor; f. Not transmit Sensitive Personal Information, PHI, or regulated financial data through the Service except as expressly contracted (see Acceptable Use Policy).
6. Sub-processors
6.1 General authorization
Customer generally authorizes Safigo to engage Sub-processors to deliver the Service, subject to the conditions in this Section 6.
6.2 Current Sub-processors (as of the version date above)
| Sub-processor | Purpose | Location |
|---|---|---|
| OpenAI, L.L.C. | AI language model (gpt-realtime, gpt-4 family), real-time voice generation, transcription (Whisper) | United States |
| Twilio Inc. | Inbound voice connectivity, SMS delivery, phone-number provisioning, SIP trunking | United States |
| LiveKit Cloud Inc. | WebRTC and real-time audio streaming infrastructure | United States |
| Stripe, Inc. (and Stripe Payments Canada Ltd.) | Payment processing, subscription billing, payment-method tokenization | United States and Canada |
| Google LLC (Google Workspace, Cloud) | Email hosting, business communications, ancillary infrastructure | United States |
| Fly.io, Inc. | Application hosting for Safigo SMS dashboard and ancillary services | United States and select global regions |
| Vercel Inc. | Hosting of safigo.ai website and reception-product pages (static + serverless functions) | United States and select global regions |
6.3 New Sub-processors
Safigo will notify Customer of any new Sub-processor at least fourteen (14) days before the new Sub-processor begins Processing Customer Personal Information. Notice will be given by email to the address on Customer’s account or by posting an updated Sub-processor list at https://safigo.ai/dpa.
6.4 Objection right
If Customer has a reasonable, good-faith objection to a new Sub-processor based on the Sub-processor’s data-protection practices, Customer may notify Safigo within fourteen (14) days of the notice. The parties will work in good faith to address the objection. If we cannot, Customer may terminate the Service for the affected portion. Termination under this Section 6.4 is Customer’s sole and exclusive remedy for objection to a Sub-processor.
6.5 Sub-processor accountability
Safigo will impose data-protection obligations on each Sub-processor that are at least as protective of Customer Personal Information as the obligations in this DPA, and remains responsible for the Sub-processor’s performance.
7. Security
7.1 Safigo will implement and maintain reasonable and appropriate administrative, technical, and physical safeguards designed to protect Customer Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include:
- TLS 1.2+ encryption in transit;
- Encryption at rest using cloud-provider managed keys;
- Role-based access controls; principle of least privilege;
- Logging, monitoring, and alerting on key services;
- Regular software updates and patching;
- Access reviews;
- Incident-response procedures;
- Sub-processor due diligence and contractual security obligations.
7.2 Safigo will update its security measures from time to time consistent with industry standards. Material reductions will be notified to Customer in writing.
8. Audit / verification
8.1 Safigo will, on reasonable written request, no more than once per twelve-month period (except in the case of a material Personal Data Breach or as required by Privacy Law), provide Customer with:
a. A copy of Safigo’s then-current security policy summary; b. Reasonable responses to a written security questionnaire; c. Where available, copies of relevant Sub-processor third-party audit reports (e.g., SOC 2 reports of OpenAI, Twilio, LiveKit, Stripe).
8.2 On-site audits are not standard and will be considered only where required by Privacy Law and where the requesting Customer covers reasonable costs and signs a confidentiality agreement.
9. Return or deletion of Personal Information
9.1 On termination of the Service, Customer may, by written request within thirty (30) days of termination, request a one-time export of call recordings, transcripts, and booking data in a reasonable machine-readable format.
9.2 After thirty (30) days following termination, Safigo will delete Customer Personal Information per the standard retention schedule in the Privacy Policy, except for:
a. Information Safigo is required to retain by law (tax, accounting, anti-fraud); b. Backup data, which will be deleted in accordance with standard backup-rotation schedules; c. Aggregated, de-identified information that no longer identifies any individual.
10. Personal Data Breach
10.1 Safigo will notify Customer of a Personal Data Breach affecting Customer Personal Information without undue delay, and in any case within seventy-two (72) hours of becoming aware, where notification is required by Privacy Law or warranted by the severity of the breach.
10.2 The notice will include, to the extent then known: a description of the nature of the breach, the categories and approximate number of Data Subjects and records affected, the likely consequences, the measures taken or proposed to mitigate, and a contact point.
10.3 Safigo will reasonably assist Customer with Customer’s own breach-notification obligations under Privacy Laws, including PIPEDA’s “real risk of significant harm” test, similar US state-law thresholds, and any sector-specific laws.
11. Data Subject requests
11.1 If Safigo receives a Data Subject request relating to Customer Personal Information, Safigo will, where lawful, promptly forward the request to Customer and not respond directly except to direct the Data Subject to Customer.
11.2 Safigo will, taking into account the nature of the Processing, assist Customer in fulfilling Data Subject access, correction, deletion, portability, and opt-out requests, by providing reasonable technical means or information at Customer’s request.
12. International transfers
12.1 Customer acknowledges that Sub-processors are located in jurisdictions outside Canada, primarily the United States. Safigo relies on contractual safeguards with each Sub-processor to protect transferred Personal Information.
12.2 For Customers and End Callers in Canada, this transfer is disclosed in the Privacy Policy in compliance with PIPEDA’s accountability and transparency principles and BC PIPA’s notification requirements.
12.3 If new transfer mechanisms are required by law (for example, future Canadian or US-state cross-border-transfer rules), Safigo will work in good faith to put them in place.
13. CCPA / CPRA — Service Provider terms
For purposes of the CCPA/CPRA, Safigo confirms it is a “Service Provider” and:
a. Will not Sell or Share (as defined by the CCPA/CPRA) any Customer Personal Information; b. Will not retain, use, or disclose Customer Personal Information for any purpose other than the Business Purpose specified in this DPA, or as otherwise permitted by the CCPA/CPRA; c. Will not retain, use, or disclose Customer Personal Information outside the direct business relationship between Safigo and Customer; d. Will not combine Customer Personal Information with personal information received from another source, except as expressly permitted by CCPA Regulations; e. Will notify Customer if Safigo determines it can no longer meet its Service Provider obligations under the CCPA/CPRA, in which case Customer may take reasonable steps to stop and remediate the unauthorized use of Customer Personal Information.
14. Other US state privacy laws
To the extent applicable, the obligations Safigo undertakes under Section 13 (CCPA/CPRA Service Provider) are extended on equivalent terms to satisfy the “Processor” or equivalent role under the VCDPA (Virginia), CPA (Colorado), CDPA (Connecticut), UCPA (Utah), the Texas Data Privacy and Security Act, the Oregon Consumer Privacy Act, the Montana Consumer Data Privacy Act, the Delaware Personal Data Privacy Act, the Indiana Consumer Data Protection Act, the Iowa Consumer Data Protection Act, the Tennessee Information Protection Act, the New Hampshire Privacy Act, the New Jersey Data Privacy Act, the Kentucky Consumer Data Protection Act, the Maryland Online Data Privacy Act, the Minnesota Consumer Data Privacy Act, the Nebraska Data Privacy Act, the Rhode Island Data Transparency and Privacy Protection Act, and any other US state comprehensive privacy law that comes into force during the term of this DPA.
15. Canadian Privacy Laws
This DPA is structured to support Customer’s compliance with:
a. PIPEDA — including the accountability principle (Customer is accountable for End-Caller Personal Information transferred to Safigo); the openness principle (sub-processor disclosures); the safeguards principle (Section 7); and the breach-notification rules (Section 10); b. BC PIPA — including notice obligations to End Callers in BC about service-provider transfers outside Canada; c. Quebec Law 25 — to the extent it applies. If Customer has Quebec residents as End Callers, Customer must satisfy Law 25’s transparency, consent, and impact-assessment obligations; Safigo will reasonably assist.
16. Conflicts and order of precedence
If there is a conflict between this DPA and any other agreement between the parties, the order of precedence is: (1) any signed addendum to this DPA; (2) this DPA; (3) the Terms of Service; (4) any other Safigo policies. For Privacy-Law-mandated terms, the more protective interpretation applies.
17. Term
This DPA commences on the Effective Date and remains in force for as long as Safigo Processes Customer Personal Information and for the duration of any obligation that survives termination.
18. Updates
Safigo may update this DPA to reflect changes in Privacy Laws or Sub-processors. Material changes will be notified by email to the address on Customer’s account at least thirty (30) days before the change takes effect.
Customer contact: privacy@safigo.ai
Version 1.0 · Last updated 2026-05-02 · Drafted in good faith without legal counsel; legal review scheduled at customer #3. Read together with the Terms of Service, Privacy Policy, and Acceptable Use Policy.