Data Processing Addendum (DPA)
Effective May 10, 2026
This Data Processing Addendum (“DPA”) forms part of the agreement between you (“Customer”) and RealSalesOS (“Processor”) for the provision of AI voice receptionist services.
1. Processing Details
Processor will process the following categories of personal data on behalf of Customer:
- Caller phone numbers and call metadata
- Call audio recordings and transcripts
- Customer business contact information and calendar data
Processing is limited to providing the contracted services, improving AI accuracy, and fulfilling legal obligations.
2. Security Measures
Processor implements industry-standard technical and organizational measures including:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Access controls and audit logging
- Regular penetration testing and vulnerability management
- Incident response procedures
3. Sub-processors
Customer authorizes the following sub-processors:
- LiveKit, Inc. (voice infrastructure)
- xAI Corp. (language model)
- Cloudflare, Inc. (CDN and security)
- Twilio, Inc. (telephony)
Processor will notify Customer of any new sub-processors and provide 30 days to object.
4. Data Breach Notification
Processor will notify Customer without undue delay (and within 72 hours where feasible) after becoming aware of a personal data breach affecting Customer data.
5. Audit Rights
Upon reasonable notice, Customer may audit Processor’s compliance with this DPA. Processor will cooperate and provide relevant documentation.
6. Deletion and Return of Data
Upon termination of the agreement, Processor will delete or return all Customer personal data within 90 days, except where retention is required by law.