Data Processing Agreement (DPA)

Last updated: February 25, 2026

This Data Processing Agreement ("DPA") forms part of the agreement between WebDialogAI ("Processor") and the Customer ("Controller") for the use of the WebDialogAI platform.

1. Definitions

"Personal Data" — any information relating to an identified or identifiable natural person processed through the Service
"Processing" — any operation performed on Personal Data, including collection, storage, use, and deletion
"Sub-processor" — a third party engaged by WebDialogAI to process Personal Data

2. Scope of Processing

WebDialogAI processes Personal Data on behalf of the Customer for the following purposes:

Receiving and storing chat messages from End Users
Processing messages through AI models to generate responses
Providing conversation management through the dashboard
Storing and serving knowledge base content for AI context

2.1 Types of Personal Data

Chat message content
Visitor names and email addresses (when provided)
IP addresses
Browser user agent strings
Session identifiers

2.2 Data Subjects

End Users who interact with the Customer's chat widget
Customer's employees and agents who use the dashboard

3. Obligations of WebDialogAI

WebDialogAI shall:

Process Personal Data only on documented instructions from the Customer
Ensure that persons authorized to process Personal Data are under obligations of confidentiality
Implement appropriate technical and organizational security measures
Assist the Customer in responding to data subject requests (access, deletion, portability)
Delete or return all Personal Data upon termination of the agreement, at the Customer's choice
Make available information necessary to demonstrate compliance

4. Sub-processors

WebDialogAI uses the sub-processors listed on our Sub-processors page.

We will notify the Customer of any intended changes to sub-processors
The Customer may object to new sub-processors within 30 days of notification
WebDialogAI remains liable for its sub-processors' compliance

5. Data Transfers

Where Personal Data is transferred outside the Customer's jurisdiction, WebDialogAI ensures appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms.

6. Security Measures

WebDialogAI implements the following security measures:

Encryption in transit (TLS 1.2+)
Encrypted database connections
Access control with role-based permissions
Token-based authentication
Regular security assessments
Infrastructure monitoring

7. Data Breach Notification

In the event of a Personal Data breach, WebDialogAI shall:

Notify the Customer without undue delay (and within 72 hours where feasible)
Provide details of the breach, including the nature, scope, and likely consequences
Describe measures taken or proposed to address the breach

8. Data Subject Rights

WebDialogAI provides tools to assist Customers in fulfilling data subject requests:

Data Export — use the data export feature in the chat widget to download your data
Data Deletion — use the data deletion feature in the chat widget to request removal of your data
Dashboard — conversation management and deletion through the admin console

9. Duration and Termination

This DPA remains in effect for the duration of the service agreement. Upon termination:

Customer may export all data within 30 days
After 30 days, WebDialogAI will delete all Personal Data unless retention is required by law

10. Contact

For DPA inquiries or to request a signed copy:

Email: support@webdialogai.com
Website: webdialogai.com

1. Definitions​

2. Scope of Processing​

2.1 Types of Personal Data​

2.2 Data Subjects​

3. Obligations of WebDialogAI​

4. Sub-processors​

5. Data Transfers​

6. Security Measures​

7. Data Breach Notification​

8. Data Subject Rights​

9. Duration and Termination​

10. Contact​