Data Processing Agreement

This Data Processing Agreement (hereinafter referred to as “Agreement” or “DPA”) is entered into by and between YourGPT ("Processor"), and the user or customer ("Controller"), collectively referred to as the "Parties". The Processor does not own the data but is processing it on behalf of the Controller. The Processor is a corporation providing services as described in the agreement, and the Controller is identified as the user of the services.

Purpose and Scope

This Agreement sets forth the terms under which the Processor will process data on behalf of the Controller in connection with the services provided under the Services Agreement between the Parties ("Services Agreement"). This Agreement is designed to ensure compliance with the requirements of the California Online Privacy Protection Act (CalOPPA), the General Data Protection Regulation (GDPR) of the European Union, and the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

This DPA governs the processing of data by YourGPT on behalf of the Customer in connection with the services provided, including but not limited to AI Chatbot and LLM Spark (collectively referred to as "Services"). The services are accessible via the website https://yourgpt.ai/.

Please refer to our Privacy Policy and Terms and Conditions for more details about how we handle and protect your data.

Definitions

In the context of this Data Processing Agreement (DPA), the following terms shall have the meanings outlined below:

  • "Agreement" or "DPA" refers to the legally binding contract established between YourGPT("Processor") and the user ("Controller").
  • "Parties" collectively refers to the Processor and the Controller, who jointly implement and adhere to the stipulations of this Agreement.
  • "data" as defined by the General Data Protection Regulation (GDPR), refers to any information that can be used to identify a natural person.
  • "Data Subject" refers to the natural person whose data is processed. "Processing" encapsulates any operation or set of operations performed on data, irrespective of the method of execution.
  • "Services Agreement" refers to the separate contractual agreement outlining the services that YourGPT provides to the Controller.
  • "GDPR" is the acronym for the General Data Protection Regulation, a legislative act passed by the European Union to safeguard data and privacy.
  • "CCPA" and "CPRA" are the acronyms for the California Consumer Privacy Act and the California Privacy Rights Act respectively, which are legislative acts passed by the State of California to protect the privacy and personal data of its residents.
  • "CalOPPA" stands for the California Online Privacy Protection Act, another privacy law enacted by the State of California.
  • "Services" refer to the various solutions provided by YourGPT, which may include but are not limited to AI Chatbot and LLM Spark.
  • "Business", as per the definition in the CCPA, refers to the Controller in the context of this Agreement.
  • "Service Provider", as per the definition in the CCPA, refers to YourGPT in the context of this Agreement.

Processor Obligations

  • 3.1 The Processor agrees to process Data only on instructions from the Controller.
  • 3.2 The Processor ensures that persons authorised to process the data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  • 3.3 The Processor will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR.
  • 3.4 The Processor will assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to the Processor.
  • 3.5 The Processor agrees to delete data upon request from the Controller. You can raise a data deletion request at any time on the platform or by contacting our support team at [email protected].

Controller Obligations

  • 4.1 The Controller shall provide the Processor with instructions for processing of data and ensure that the instructions are lawful.
  • 4.2 The Controller has the responsibility to inform the Processor without delay if it believes that any of the Processor's actions infringe upon data protection laws.
  • 4.3 In case of a data breach, the Controller shall, without undue delay, notify the Processor of the breach and cooperate with the Processor to take appropriate remedial actions.
  • 4.4 The Controller is responsible to ensure that its use of the services provided by YourGPT is in accordance with all applicable Data Protection Laws. This includes ensuring that:
    • ii. The Controller has the right to transfer, or provide access to, the data to YourGPT for processing in accordance with the terms of the Agreement (including this DPA).
    • i. The Controller is authorized to appoint YourGPT to process data on its behalf in accordance with this DPA.
    • iii. The Controller’s instructions with respect to the Processing of data comply with applicable laws, including Data Protection Laws.

Data Subject Rights

The Processor shall assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's rights laid down in Chapter III of the GDPR.

Transfers of Data

The Processor may not host or transfer data to servers outside the EU/EEA without the prior consent of the Controller and only upon ensuring that such transfer is in compliance with the applicable data protection laws. Exceptions may be permitted only if they are essential for the operational functionality and utilization of the platform.

Deletion or Return of Company data

Upon the cessation of its services to the company, Data Processor shall promptly delete all copies of Company data following the termination of Services. Data Processor shall provide written certification to the Company that it has fully complied with this Section.

Governing Law and Jurisdiction

This Agreement shall be governed by the laws of a mutually agreed-upon jurisdiction. Any disputes arising from this Agreement shall be resolved through good faith negotiations between the Parties. If negotiations fail, the Parties agree to resolve disputes through arbitration in a neutral jurisdiction agreed upon by both Parties.

CCPA Processing

When processing California Personal Information in accordance with the user’s instructions, the parties acknowledge and agree that the user is a Business and YourGPT is a Service Provider for the purposes of the CCPA. The parties agree that YourGPT will Process California Personal Information as a Service Provider strictly for the purpose of performing the Software Services and Professional Services under the Agreement (the “Business Purpose”) or as otherwise permitted by the CCPA.

Provisions from GDPR

The Processor is committed to complying with the provisions of the General Data Protection Regulation (GDPR). These include, but are not limited to, the obligation to process data lawfully, fairly, and in a transparent manner, the obligation to ensure that data is collected for specified, explicit, and legitimate purposes, and the obligation to ensure that data is accurate and, where necessary, kept up to date.

Amendment and Termination

This Agreement is open to amendments at any time and can be modified solely at the discretion of the Processor, while ensuring the interests of both Parties are respected. This Agreement will cease automatically when the Services Agreement between the Parties concludes.

Automatic Agreement

By using our services, the user automatically agrees to this Data Processing Agreement, along with our Privacy Policy and Terms and Conditions. This Agreement applies to every user.