Data Processing Agreement
Effective Date: July 23, 2025 | Version 1.0
1. Definitions
| Controller | The entity determining the purposes and means of processing personal data (You, the customer) |
| Processor | Zencraft Consultancy Private Ltd. (operating Gixo.ai) |
| Data Subject | An identified or identifiable natural person whose data is processed |
| Personal Data | Any information relating to a Data Subject |
| Processing | Any operation performed on Personal Data (collection, storage, use, deletion, etc.) |
| Sub-processor | Any third party engaged by Processor to process Personal Data |
2. Scope and Application
This Data Processing Agreement ("DPA") applies when Processor processes Personal Data on behalf of Controller in connection with Gixo.ai services. This DPA supplements and forms part of the Terms of Service between Controller and Processor.
3. Processor Obligations
3.1 General Obligations
The Processor shall:
Process Personal Data only on documented instructions from Controller
Ensure persons authorized to process Personal Data are bound by confidentiality
Implement appropriate technical and organizational security measures
Engage Sub-processors only with Controller's prior written consent
Assist Controller in responding to Data Subject requests
Delete or return all Personal Data upon termination of services
3.2 Security Measures
Encryption in transit and at rest
Access controls and authentication
Regular security assessments
Incident detection and response
Business continuity planning
Employee security training
4. Sub-processors
4.1 Authorized Sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Microsoft Azure | Cloud infrastructure and data storage | Multiple regions |
| Azure Cosmos DB | Database services | Central US |
| OpenAI | AI content generation | United States |
| Anthropic | AI content generation | United States |
| Google (Gemini) | AI content generation | United States |
| Paddle | Payment processing | United Kingdom |
| PayPal | Payment processing | United States |
5. Data Subject Rights
Processor shall assist Controller in fulfilling obligations to respond to Data Subject requests for:
Access to Personal Data
Rectification or erasure
Restriction of processing
Data portability
Objection to processing
Right to be forgotten
6. Data Breach Notification
The notification shall include:
Nature of the breach including categories of data and subjects affected
Approximate number of Data Subjects and data records concerned
Likely consequences of the breach
Measures taken or proposed to address the breach and mitigate effects
Contact details of Data Protection Officer or other contact point
7. International Data Transfers
Processor may transfer Personal Data internationally only with appropriate safeguards:
EU Standard Contractual Clauses (SCCs)
Adequacy decisions by relevant authorities
Other mechanisms approved under applicable data protection laws
Encryption and pseudonymization where appropriate
8. Audit Rights
Controller's Audit Rights
30 days advance notice required
During regular business hours
Maximum once per calendar year
Subject to confidentiality agreement
Audit Process
Security certifications provided
Questionnaire-based assessments
Independent third-party audits
Controller bears audit costs
9. Liability and Indemnification
Each party shall be liable for damages caused by its processing in violation of applicable data protection laws. Processor shall indemnify Controller for damages arising from Processor's breach of this DPA, subject to the limitation of liability provisions in the Terms of Service. Neither party excludes or limits liability for gross negligence, willful misconduct, or where prohibited by applicable law.
10. Term and Termination
This DPA remains in effect for the duration of the Service agreement. Upon termination:
Processor shall delete all Personal Data within 30 days
Controller may request return of data in standard format
Exception: Retention required by applicable law
Processor shall provide written certification of deletion
11. Contact Information
Data Protection Officer
Zencraft Consultancy Private Ltd.
19, KailashDhara, R B Mehta Marg
Ghatkopar East, Mumbai 400077
Maharashtra, India
Email: dpo@gixo.ai
Privacy: privacy@gixo.ai
Phone: Available upon request
