Start Free —100 creditsGet Started →
logo

Data Processing Agreement

Edysor Edutech Solutions Private Limited

Effective Date: 24 June 2026

Version: 2.0 (Enterprise Edition)


1. Introduction and Parties

This Data Processing Agreement ("DPA") forms part of the service agreement or other written or electronic agreement ("Principal Agreement") entered into between:

Processor:Edysor Edutech Solutions Private Limited, a company registered under the Companies Act 2013, India, operating the SICADA AI platform ("Processor" or "Edysor")

Controller:The entity or individual engaging Edysor's services ("Controller" or "Client")

This DPA governs the processing of Personal Data by Edysor on behalf of the Client in connection with SICADA AI services.

SICADA AI is an AI-powered voice, chat, and workflow automation platform providing services including (but not limited to): automated voice calls, AI voice bots, speech-to-text and text-to-speech processing, conversational AI, customer support automation, lead qualification, CRM communication, appointment scheduling, analytics, and related SaaS services.


2. Definitions

Applicable Data Protection LawsGDPR (EU General Data Protection Regulation), DPDPA 2023 (India), CCPA (if applicable), and any other applicable data protection or privacy laws in jurisdictions where the Client and Data Subjects are located.
Personal DataAny information relating to an identified or identifiable natural person, including names, contact information, voice recordings, call metadata, transcripts, CRM data, and any other data processed by SICADA AI.
ProcessingAny operation performed on Personal Data, including collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, transmission, erasure, or destruction.
Data SubjectThe natural person to whom Personal Data relates (e.g., call recipients, customers, leads, employees).
SubprocessorAny third party engaged by Edysor to process Personal Data on behalf of the Client (e.g., cloud providers, AI vendors, payment processors).
Client Personal DataAll Personal Data uploaded, generated, recorded, or integrated into SICADA AI by or on behalf of the Client, including call data, customer information, CRM records, documents, and any other content.
BreachA confirmed or suspected unauthorized access, disclosure, destruction, or loss of Personal Data.

3. Roles and Responsibilities

3.1 The Client as Data Controller

3.2 Edysor as Data Processor

3.3 Legal Status

Nothing in this Agreement grants Edysor ownership, independent rights, or control over Client Personal Data. Edysor is a service provider only.


4. Scope and Purpose of Processing

4.1 Services and Processing Activities

Edysor shall process Client Personal Data exclusively to provide the services described in the Principal Agreement, including:

4.2 Processing Instructions

Edysor shall not process Client Personal Data for any purpose other than those explicitly documented and instructed by the Client. Any new processing purpose requires prior written authorization from the Client.

4.3 Duration of Processing

Processing shall continue for the duration of the Principal Agreement and any extended retention periods specified in the Client's written instructions or this DPA.


5. Client Obligations and Representations

5.1 Client Warranties

The Client represents and warrants that:

5.2 Client Responsibilities


6. Processor Obligations

6.1 Processing Instructions

Edysor shall:

6.2 Confidentiality and Access Control

Edysor shall:

6.3 Prohibited Uses

Edysor shall NOT:


7. No AI Model Training Without Consent

CRITICAL CLAUSE:

Edysor shall NOT use Client Personal Data, call recordings, transcripts, uploaded documents, CRM data, prompts, customer content, call metadata, or any other content derived from the Client's use of SICADA AI to:

  • Train, fine-tune, or improve third-party or general-purpose AI models.
  • Develop competing AI products or services.
  • Create datasets for research or commercial purposes.
  • Transfer to OpenAI, Google, Meta, or any other AI vendor for model development.

EXCEPTION:

Edysor may use aggregated, anonymized, and de-identified data for service improvement, analytics, and product optimization, provided that:

  • Data is irreversibly anonymized such that individuals cannot be re-identified.
  • No personal or identifying information is retained.
  • The Client has not objected in writing.

Any use of Client Personal Data for model training beyond the above requires explicit written consent from the Client, a separate Data Processing Agreement amendment, and clear compensation terms.


8. Security and Protection Measures

8.1 Technical Measures

Edysor shall maintain reasonable and appropriate technical security measures, including:

8.2 Organizational Measures

Edysor shall maintain organizational safeguards, including:

8.3 Security Updates

Edysor may update security measures to reflect industry best practices and emerging threats. Material changes will be communicated to the Client in advance where feasible.


9. Subprocessors

9.1 Authorized Subprocessors

Edysor is authorized to engage Subprocessors necessary to deliver the SICADA AI services. The Client authorizes the use of the Subprocessors listed in the current Authorized Subprocessors List (Annex A).

9.2 Categories of Subprocessors

Subprocessors may include providers in the following categories:

9.3 Subprocessor Obligations

Edysor shall ensure that all Subprocessors are bound by written data protection obligations no less protective than those in this DPA, including:

9.4 Authorized Subprocessors List (Annex A)

The current list of authorized Subprocessors is maintained at: https://sicada.ai/security. This list is updated in real-time and reflects all active third-party processors. The Client may request a copy at any time by contacting privacy@edysor.ai.

9.5 Subprocessor Changes and Client Rights


10. Data Subject Rights Assistance

10.1 Cooperation on Subject Rights

Edysor shall assist the Client, at no additional cost, in responding to Data Subject requests for:

10.2 Cooperation Timeline

Edysor shall respond to Data Subject requests within 5 business days of notification from the Client. The Client remains responsible for responding to Data Subjects within applicable legal timelines (e.g., 30 days under GDPR/DPDPA).

10.3 Limitations

Edysor's obligations are subject to:


11. Data Breach Notification

11.1 Breach Detection and Notification

Edysor shall:

11.2 Breach Notification Content

The notification shall include:

11.3 Investigation and Remediation

Edysor shall:


12. International Data Transfers

12.1 Data Localization and Storage

Client Personal Data is primarily stored in:

The Client may request alternative or additional data residency (e.g., EU-only, India-only) by written request. Alternative arrangements may incur additional fees.

12.2 International Transfer Mechanisms

Where Personal Data is transferred outside the country of origin, Edysor shall implement one of the following mechanisms:

12.3 Supplementary Safeguards

For transfers to countries without adequacy or SCC agreements, Edysor may implement supplementary safeguards, including:

12.4 Client Choice

The Client may restrict transfers by writing to privacy@edysor.ai. Restrictions may impact service availability and performance.


13. Data Retention and Deletion

13.1 Retention Periods

Edysor shall retain Client Personal Data only as long as necessary to provide the services and comply with legal obligations:

Data TypeRetention Period
Call Recordings and TranscriptsAs specified by Client; default 90 days unless extended
Call Metadata (dates, numbers, duration)As specified by Client; default 1 year
CRM and Customer DataDuration of engagement + 1 year (or as instructed)
System Logs and Audit Trails90 days minimum, up to 1 year
Billing and Transaction Records7 years (legal/tax requirement)
Backup Copies90 days after deletion (disaster recovery)

13.2 Deletion Upon Termination

Upon termination of the Principal Agreement or at the Client's request, Edysor shall, at the Client's written choice:

13.3 Deletion Method

Deletion shall be carried out using cryptographically secure erasure methods such that data cannot be recovered. Edysor shall provide a written certification of deletion within 10 days of completion.

13.4 Legal Retention Exceptions

Notwithstanding the above, Edysor may retain Personal Data where required by law (e.g., tax, financial, or regulatory obligations). The Client shall be notified of the legal basis and expected retention period.


14. Audit Rights and Compliance Verification

14.1 Audit Requests

Upon reasonable written request, Edysor shall provide information and documentation necessary to demonstrate compliance with this DPA and Applicable Data Protection Laws.

14.2 Audit Scope and Frequency

14.3 Third-Party Audits

The Client may request that Edysor undergo an audit by a qualified third-party auditor (e.g., SOC 2, ISO 27001). The costs of such audits shall be borne by the Client unless Edysor has agreed otherwise.

14.4 Certification and Reports

Edysor maintains the following certifications and compliance statuses:

Current audit reports and certificates are available at: https://sicada.ai/security


15. Data Subject Requests and Regulatory Cooperation

15.1 Authority Requests

If a Data Protection Authority or government agency requests Personal Data from Edysor, Edysor shall:

15.2 Client Cooperation

The Client shall cooperate with Edysor in responding to Data Subject requests and Authority inquiries, including providing necessary documentation and timely responses.


16. Processing Details Annex

Annex B (Processing Schedule) provides detailed specifications for processing activities, including:

The Client and Edysor shall maintain and update this annex as processing activities change.


17. Data Protection Impact Assessments (DPIA)

Where Edysor's processing poses a high risk to Data Subject rights (e.g., large-scale call recording, AI decision-making), Edysor shall assist the Client in conducting a Data Protection Impact Assessment (DPIA) as required under Applicable Data Protection Laws. The Client remains responsible for initiating and completing the DPIA.


18. Limitation of Liability

18.1 Indemnification: Each party shall indemnify the other against third-party claims arising from its breach of this DPA or Applicable Data Protection Laws.

18.2 Liability Caps: Edysor's total liability under this DPA shall not exceed the liability limits specified in the Principal Agreement. Liability for data breaches caused by Edysor's breach of security obligations may be subject to higher limits as determined by Applicable Data Protection Laws.


19. Term and Termination

19.1 Duration: This DPA remains in effect for the duration of the Principal Agreement and for the data retention periods specified herein.

19.2 Survival: Sections relating to confidentiality, security, breach notification, audit rights, and data deletion shall survive termination of the Principal Agreement.


20. Governing Law and Dispute Resolution

20.1 Governing Law: This DPA is governed by the laws of India and the Applicable Data Protection Laws of the Client's jurisdiction(s). In case of conflict, the most protective data protection law shall prevail.

20.2 Dispute Resolution: Disputes arising from this DPA shall be resolved in accordance with the dispute resolution provisions in the Principal Agreement. Data protection matters may be escalated to the Data Protection Authority if not resolved within 30 days.


21. Entire Agreement and Precedence

This DPA, together with Annexes A and B, constitutes the entire data protection agreement between the parties and supersedes any prior data protection arrangements.

Order of Precedence: In the event of conflict, the following order applies:


22. Contact Information

Data Protection Inquiriesprivacy@edysor.ai
Legal and Compliancesecurity@edysor.ai
Data Protection Officer / Grievancesgunjan@edysor.ai
Subprocessor Listhttps://sicada.ai/security
Security and Trust Centerhttps://sicada.ai/security
Registered AddressEdysor Edutech Solutions Private Limited
8, Office No. 809818, City Center,
Ashok Nagar Main Road, Shastri Circle Marg,
Udaipur, Rajasthan, 313001, India

Annexes

Annex A: Authorized Subprocessors List
Current list maintained at: https://sicada.ai/security

Annex B: Processing Schedule (Detailed Specifications)
To be completed and signed by both parties upon execution of this DPA.


Acknowledgment: By executing the Principal Agreement or accessing SICADA AI services, both parties agree to be bound by this Data Processing Agreement.


Edysor Edutech Solutions Private Limited
Data Processing Agreement v2.0 (Enterprise Edition) | Effective: 24 June 2026
Enterprise-Grade | GDPR Compliant | DPDPA 2023 Compliant | AI SaaS Ready
© 2026 Edysor Edutech Solutions Private Limited. All rights reserved.

Get in Touch

Share your details and our team will get back to you shortly.

Follow us on

LinkedInInstagramFacebook
Phone
By submitting this form, I hereby authorize SICADA AI and its affiliate partners to contact me through call, message or WhatsApp. It will override my registry on the NCPR/NDNC.
You agree to our friendly Privacy policy.
logo

AI-powered Voice, Chat, Interviews- designed to save time, costs and build efficiency.

Follow us on

LinkedInInstagramFacebook

Products

  • Voice Agent
  • Chat Agent

Resources

  • ROI Calculator
  • Voice Prompt Builder
  • Blogs
  • Pricing

Others

  • About Us
  • Contact Us
  • Privacy Policy
  • Terms of Service
  • Data Processing Agreement

All rights reserved. Powered by Edysor