DATA Processing Agreement ("DPA")
This Data Processing Agreement ("DPA") is an addendum to the Terms of Service between AMUN AI ("Data Processor") and the business entity utilizing the Service ("Client" or "Data Controller").
1. DEFINITIONS AND ROLES
1.1 Regulatory Roles. Under data privacy regulations, including the General Data Protection Regulation (GDPR), Personal Data Protection Acts (PDPA), and regional Personal Data Protection (PDP) Laws, the Client operates as the Data Controller (the entity determining the purpose of the data). AMUN AI operates strictly as the Data Processor (the entity processing data on behalf of the Client). 1.2 Scope. This DPA applies to any data processed by AMUN AI on behalf of the Client while providing the SaaS platform and highly specialized AI Agents.
2. SCOPE OF DATA PROCESSING AND LIABILITY
2.1 Processing Engine. AMUN AI provides backend SaaS infrastructure to operate highly specialized AI Agents. These Agents process data provided, connected, or configured by the Client. 2.2 Client Responsibility for Data Origin. AMUN AI acts exclusively as the data processor. AMUN AI does not monitor, audit, or control the source of the Client’s data. The Client bears sole and absolute responsibility for the origin of their data and for ensuring they have the appropriate rights to process it through the AMUN AI platform. 2.3 Disclaimer of Liability. AMUN AI assumes zero legal, regulatory, or financial liability for how the Client acquired, sourced, or originated their data.
3. STRICT PROHIBITIONS ON DATA USE
AMUN AI respects the absolute confidentiality and proprietary nature of the Client’s data. AMUN AI legally commits to the following absolute restrictions: 3.1 No AI Model Training. AMUN AI shall not use, and strictly prohibits the use of, the Client’s data (including both input data and generated outputs) to train, fine-tune, or improve general or foundational artificial intelligence models. 3.2 No Sale of Data. AMUN AI shall not sell, rent, lease, or monetize the Client's data to any third party under any circumstances. 3.3 Restriction of Purpose. AMUN AI shall not process, access, or utilize the Client's data for any purpose outside the direct provision of the Service as outlined in the Terms of Service.
4. AUTHORIZED SUB-PROCESSORS
4.1 Cloud Infrastructure and APIs. The Client acknowledges and agrees that AMUN AI utilizes enterprise-grade, third-party cloud infrastructure and industry-standard APIs (including but not limited to providers such as OpenAI, Google Cloud, and Microsoft Azure) to deliver the Service. 4.2 Sub-processor Compliance. AMUN AI ensures that any engaged Sub-processor is subject to strict confidentiality obligations and data protection standards that are materially equivalent to those set forth in this DPA, particularly regarding the absolute prohibition of using Client data for AI model training.
5. DATA SECURITY AND CONFIDENTIALITY
5.1 Security Measures. AMUN AI implements and maintains appropriate technical and organizational security measures designed to protect the Client’s data against unauthorized access, accidental loss, destruction, or alteration. 5.2 Personnel Confidentiality. AMUN AI ensures that all internal personnel authorized to access the infrastructure are bound by strict statutory or contractual Non-Disclosure Agreements (NDAs) and obligations of confidentiality
6. DATA BREACH NOTIFICATION
In the event of a confirmed security breach resulting in the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of the Client’s data within the AMUN AI infrastructure (a "Data Breach"), AMUN AI shall: (a) Notify the Client without undue delay, and in no event later than seventy-two (72) hours after becoming aware of the Data Breach. (b) Provide the Client with reasonable assistance and information required to fulfill the Client's regulatory reporting obligations.
7. DATA DELETION AND RETENTION
7.1 Mandatory Purge. Upon the termination of the Client's subscription, or upon a formal written request for data erasure by the Client, AMUN AI shall execute the deletion of all relevant data from its systems. 7.2 Thirty-Day Cycle. All deletions shall be irreversibly completed within a maximum transition and retention period of thirty (30) days following the termination or request date. Following this cycle, AMUN AI will hold no residual copies of the Client's data, except where retention is strictly required by law.
8. COMPLIANCE ASSISTANCE
AMUN AI shall provide reasonable technical assistance to the Client, taking into account the nature of the processing, to enable the Client to respond to requests from individuals exercising their data privacy rights (e.g., the right to access or the right to be forgotten) under applicable data protection laws.
