Data Processing Addendum (DPA)

Operational draft — review by counsel before launch.

Roles

For personal data of your callers, you are the Data Fiduciary; Ekav is a Data Processor acting on your documented instructions.

Scope

Ekav processes the categories of personal data described in the privacy policy, for the purpose of providing the service you have subscribed to.

Technical & organisational measures

Encryption of PII at rest (AES-GCM), short-TTL signed URLs for recordings, per-tenant data isolation, append-only audit logging, SSRF defence on outbound webhooks, defence-in-depth LLM guardrails.

Sub-processors

As listed in the privacy policy. Material changes will be notified through the dashboard.

Data subject requests

Ekav will assist the Data Fiduciary in honouring access, correction and erasure requests within statutory timelines.

Audit

Audit logs are available to the Data Fiduciary through the dashboard. Independent third-party audit reports will be made available on request once published.