Data Processing Addendum (DPA)

1. Subject matter and duration

ReplyMantra processes personal data only to provide the hosted chatbot, training, retrieval, analytics, security, and support services described in the main service agreement or customer order.

Processing continues only for the duration of the customer’s use of the service, plus any limited period required for secure deletion, backups, legal compliance, or dispute resolution.

2. Nature and purpose of processing

• Hosting customer account and workspace records.
• Ingesting files and website content submitted for training or indexing.
• Generating embeddings, storing vector metadata, and retrieving relevant knowledge for chatbot responses.
• Storing, routing, and displaying chatbot conversations and related lead-capture data.
• Providing logging, support, abuse prevention, monitoring, and incident response.

3. Categories of personal data and data subjects

• Data subjects may include customer personnel, website visitors, end users, prospects, leads, and support contacts.
• Personal data may include names, email addresses, phone numbers, company details, chat contents, uploaded document contents, page URLs, IP addresses, user agent strings, and operational metadata.

4. Customer instructions

ReplyMantra will process personal data only on documented instructions from the customer, unless otherwise required by applicable law. The customer’s use of the platform features, settings, APIs, and support requests forms part of those instructions.

5. Confidentiality and personnel

ReplyMantra ensures that personnel authorized to process personal data are bound by confidentiality obligations and receive appropriate access controls and operational guidance.

6. Security measures

ReplyMantra maintains technical and organizational measures appropriate to the risk, including secure access controls, environment protections, logging, backup processes, change controls, and measures designed to preserve confidentiality, integrity, availability, and resilience.

7. Subprocessors

ReplyMantra may engage subprocessors to support infrastructure, AI processing, hosting, storage, support, analytics, or security operations. We remain responsible for our subprocessors’ relevant processing obligations under this DPA.

Where required by law, ReplyMantra will provide customers with notice of material changes to subprocessors and a reasonable opportunity to object where legally required.

8. Assistance to the customer

• Reasonable assistance with data subject rights requests, taking into account the nature of processing.
• Reasonable assistance with security incident response, breach notification support, and documentation needed for investigations or regulatory obligations.
• Reasonable assistance with impact assessments or prior consultations where the information is available to ReplyMantra and relevant to the service.

9. Return and deletion

Upon termination or written request, ReplyMantra will delete or return customer personal data in accordance with the service’s functionality and retention model, unless applicable law requires continued storage. Backup or archival copies may remain temporarily until overwritten in the ordinary course of business.

10. Audits and information

ReplyMantra will make available information reasonably necessary to demonstrate compliance with this DPA and may satisfy audit-related obligations through existing documentation, certifications, security materials, and written responses, subject to confidentiality, proportionality, and operational safeguards.

11. International transfers

Where required, ReplyMantra will implement appropriate safeguards for restricted transfers, including recognized contractual mechanisms and related supplementary protections where applicable.

12. Order of precedence

If there is a conflict between this DPA and another agreement covering the same processing, this DPA governs with respect to data protection matters, except to the extent mandatory law requires a different outcome.