Data Processing Agreement

Effective date: Jul 12, 2026

This Data Processing Agreement ("DPA") forms part of the agreement between Omixo AI ("Processor") and the business using the Platform ("Controller"/"Merchant"), and applies whenever Omixo AI processes personal data on the Merchant's behalf.

1. Roles

The Merchant is the controller and determines the purposes and means of processing. Omixo AI is the processor and processes personal data only on the Merchant's documented instructions, including via the Platform's configuration and connected integrations.

2. Scope of processing

Subject matterProvision of messaging, voice and AI communication services.
DurationFor the term of the Merchant's account; deleted thereafter per the retention terms.
Nature & purposeSending communications, running AI assistants, reporting and billing.
Data subjectsThe Merchant's own customers and contacts.
Data categoriesName, phone, email, address, order/interaction details, message & call content and metadata, consent status.

3. Processor obligations

4. Sub-processors

The Merchant authorises Omixo AI to engage sub-processors necessary to deliver the service (e.g. Meta/WhatsApp, telecom carriers, AI providers, hosting). Omixo AI imposes data-protection obligations on each sub-processor no less protective than this DPA and remains responsible for their performance.

5. International transfers

Where personal data is transferred across borders, Omixo AI relies on an appropriate lawful transfer mechanism. Primary hosting is in India.

6. Data-subject requests

Omixo AI will, taking into account the nature of processing, assist the Merchant by appropriate measures to fulfil access, correction, deletion, and objection requests, including via automated erasure hooks for connected integrations.

7. Breach notification

Omixo AI will notify the Merchant without undue delay after becoming aware of a personal-data breach affecting the Merchant's data, with the information needed to meet the Merchant's own notification obligations. See our incident-response process in the Security statement.

8. Deletion / return

On termination, or on a Merchant's request, Omixo AI deletes or returns the personal data and deletes existing copies, except where retention is required by law. For integrations, uninstalling the app triggers deletion of that integration's stored data.

9. Audits

Omixo AI makes available information necessary to demonstrate compliance and, on reasonable request and subject to confidentiality, supports audits by the Merchant or its mandated auditor.