Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the agreement between:

• Data Controller: The Client — the entity that determines the purposes and means of processing prospect data
• Data Processor: AIBZPro LLC — processes personal data on behalf of the Client to deliver AI sales agent services

This DPA applies when AIBZPRO processes personal data of EU/EEA residents on behalf of the Client, in accordance with the General Data Protection Regulation (GDPR).

AIBZPRO processes personal data solely to provide the contracted AI sales agent services, including:

• Prospect discovery from public data sources
• Contact information enrichment and verification
• Personalized outreach email generation
• Pipeline management and deal tracking
• Performance analytics and reporting

Categories of Data Subjects

Business professionals and decision-makers identified as potential prospects for the Client's services.

Types of Personal Data

Business contact information: name, business email, phone number, job title, company name, LinkedIn profile URL, company website URL.

AIBZPRO, as Data Processor, shall:

• Process personal data only on documented instructions from the Controller
• Ensure that persons authorized to process the data have committed to confidentiality
• Implement appropriate technical and organizational security measures
• Not engage additional sub-processors without prior written authorization from the Controller
• Assist the Controller in responding to data subject rights requests
• Delete or return all personal data upon termination of the service, at the Controller's choice
• Make available all information necessary to demonstrate compliance with GDPR obligations

The Controller authorizes AIBZPRO to use the following sub-processors:

Changes to sub-processors will be communicated to the Controller 30 days in advance. The Controller may object to a new sub-processor, in which case the parties will work to resolve the concern or the Controller may terminate the affected services.

AIBZPRO implements the following technical and organizational measures:

• Encryption in transit (TLS 1.2+) and at rest
• Row-level security (RLS) in the database layer
• Access controls based on the principle of least privilege
• Regular security reviews and infrastructure audits
• Secure API key management via environment variables

When personal data is transferred outside the EU/EEA, AIBZPRO relies on:

• Standard Contractual Clauses (SCCs) as adopted by the European Commission
• Adequacy decisions where available
• Supplementary measures as required by the Schrems II decision

AIBZPRO will assist the Controller in fulfilling data subject requests including:

• Right of access
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right to data portability
• Right to object

Requests will be acknowledged within 5 business days and completed within 30 days.

This DPA remains in effect for the duration of the service agreement. Upon termination:

• All personal data will be returned or securely deleted within 14 business days
• AIBZPRO will provide written confirmation of data deletion upon request
• Obligations regarding confidentiality and data security survive termination