Data Processing Agreement

Back to Document Center

​

Effective Date: 30 April 2025

​​

This Data Processing Agreement ("DPA") is entered into between:

1. ByteWise Techlabs LLP. ("Processor"), the provider of AuditWise, with its principal place of business at 19th Floor, Tower-B, Alphathum, Sector-90, Noida 201305 (IN); and

2. [Customer Name; as mentioned on the invoice] ("Controller"), with its principal place of business at [Customer Address; as mentioned on the invoice].

​

This DPA forms part of the Master Services Agreement (MSA) between the parties.

​

1. Definitions

1.1. "Data Protection Laws": Refers to applicable laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), the Indian Digital Personal Data Protection Act (DPDP), and any other relevant privacy laws.

1.2. "Personal Data": Any information relating to an identified or identifiable natural person processed by the Processor on behalf of the Controller.

1.3. "Processing": Any operation performed on Personal Data, including collection, storage, use, transfer, or deletion.

1.4. "Sub-Processor": Any third party engaged by the Processor to assist in processing Personal Data.

​

2. Purpose & Scope

2.1 The Processor shall process Personal Data solely to provide the services described in the MSA and shall not process Personal Data for any other purpose without the Controller’s written instructions.

2.2 The categories of Personal Data processed and the purposes of processing are outlined in Annexure 1.

2.3 The Processor utilizes third-party service providers for specific functions. The following sub-processors are used:

• Google Workspace (Email Communications): Data Processing Agreement available at Google Workspace DPA.

• Apollo.io (Data Enrichment & Email Outreach): Data Processing Agreement available at Apollo.io DPA.

• HubSpot (CRM Platform): Data Processing Agreement available at HubSpot DPA.

• Zoho Books (Accounting Software): Data processing terms apply as per Zoho’s standard legal agreements.

• Calendly (Calendar Booking): Data processing agreement available at Calendly DPA

• OpenPhone (Outbound Calling): Terms are available at https://www.openphone.com/terms

• Helpwise (Customer Support): Privacy Policy is available at https://helpwise.io/privacy

• Sentry (Application Monitoring): Data processing agreement available at https://sentry.io/legal/dpa/

​​

3. Processor Obligations

3.1 The Processor shall process Personal Data only in accordance with the Controller’s written instructions and Data Protection Laws.

3.2 The Processor shall implement appropriate technical and organizational security measures to protect Personal Data against unauthorized access, loss, or destruction.

3.3 The Processor shall notify the Controller without undue delay upon becoming aware of any Personal Data breach.

3.4 The Processor shall ensure that its employees and authorized personnel are bound by confidentiality obligations regarding Personal Data.

3.5 The Processor shall provide reasonable assistance to the Controller in fulfilling data subject rights requests (e.g., access, deletion, correction).

​

4. Controller Obligations

4.1 The Controller represents that it has the lawful basis to collect and share Personal Data with the Processor.

4.2 The Controller shall ensure that it provides appropriate notices and obtains necessary consents from data subjects.

​

5. Sub-Processors

5.1 The Processor may engage Sub-Processors only with the prior written consent of the Controller.

5.2 The Processor shall ensure that any Sub-Processor agrees to obligations that are substantially similar to those under this DPA.

​

6. International Data Transfers

6.1 If Personal Data is transferred outside the jurisdiction of the Data Protection Laws, the parties agree to implement necessary safeguards such as Standard Contractual Clauses (SCCs) or other legal mechanisms.

​

7. Data Retention & Deletion

7.1 Upon termination of services, the Processor shall delete or return all Personal Data, unless required by law to retain it.

​

8. Data Breach Notification

8.1 The Processor shall notify the Controller within 48 hours of any unauthorized access, disclosure, or data breach affecting Personal Data.

8.2 The notification shall include: (i) the nature of the breach, (ii) the data affected, (iii) actions taken to mitigate the breach, and (iv) any further recommended actions.

​

9. Audits & Compliance

9.1 The Controller shall have the right to conduct audits (or appoint a third party) to verify compliance with this DPA, subject to reasonable notice and confidentiality obligations.

​

10. Liability & Indemnity

10.1 Each party shall be liable for any breach of this DPA in accordance with the liability terms of the MSA.

10.2 The Processor shall indemnify the Controller for any direct damages arising from its non-compliance with this DPA, subject to the limitations of liability in the MSA.

​

11. Governing Law & Jurisdiction

11.1 This DPA shall be governed by and construed in accordance with the laws of Noida, Uttar Pradesh, India.

11.2 Any disputes shall be resolved in the courts of Noida, Uttar Pradesh, India.

​

12. Contact Us

If you have any questions or concerns about this Data Processing Agreement, please get in touch with us at:

• Support Email: support@auditwise.io

• Compliance Email: compliance@auditwise.io

​​

Thank you for trusting AuditWise!

​

​​

Annexure 1: Details of Processing

1. Categories of Personal Data:

• Name, email, job title, departments, phone number, system logs, and audit records.

2. Categories of Data Subjects:

• Employees, contractors, auditors, and users of AuditWise.

3. Processing Activities:

• Data collection, storage, retrieval, and deletion are part of the audit workflow management.

4. Data Retention Period:

• As per the Controller’s instructions or legal requirements.

​​​

​​

​Back to Document Center

​