Last Updated: May 2026

This Data Processing Addendum (“DPA”) forms part of the agreement between Octalas AI (“Octalas AI”, “we”, “our”, or “us”) and the customer (“Customer”, “you”, or “your”) governing the use of services provided through Octalas AI.

This DPA applies when Octalas AI processes personal data on behalf of the Customer in connection with the use of our AI automation, data processing, website scraping, document scanning, chatbot, workflow automation, and knowledge base services.

1. Definitions

For the purposes of this DPA:

• Personal Data means any information relating to an identified or identifiable natural person.
• Processing means any operation performed on personal data including collection, storage, organization, retrieval, use, disclosure, or deletion.
• Controller means the entity determining the purposes and means of processing personal data.
• Processor means the entity processing personal data on behalf of the Controller.
• Applicable Data Protection Laws means all applicable privacy and data protection laws including GDPR, UK GDPR, UAE data protection regulations, and other applicable international privacy laws.

2. Scope of Processing

Octalas AI may process personal data submitted, uploaded, scraped, imported, or otherwise provided by the Customer through the Services, including:

• Website content
• Uploaded documents and PDFs
• Knowledge base data
• CRM or business platform integrations
• Customer support information
• Automation workflows
• API-connected datasets

The processing is limited to providing, maintaining, securing, and improving the Services requested by the Customer.

3. Roles of the Parties

The Customer acts as the Data Controller and Octalas AI acts as the Data Processor with respect to personal data processed under this DPA.

The Customer is responsible for ensuring that it has all necessary rights, permissions, and lawful bases required to collect and provide personal data to Octalas AI for processing.

4. Customer Responsibilities

The Customer agrees that it shall:

• Comply with all applicable data protection laws
• Obtain any required consents and notices
• Ensure uploaded or connected data is lawfully obtained
• Not use the Services for unlawful, harmful, or prohibited purposes
• Avoid submitting sensitive personal data unless explicitly agreed in writing

The Customer remains responsible for the accuracy, quality, and legality of the data processed through the Services.

5. Octalas AI Processing Obligations

Octalas AI agrees to:

• Process personal data only on documented instructions from the Customer
• Maintain appropriate technical and organizational security measures
• Restrict access to authorized personnel only
• Maintain confidentiality obligations for employees and contractors
• Assist the Customer with reasonable data protection requests where applicable
• Notify the Customer of confirmed security incidents affecting personal data as required by law

6. Security Measures

Octalas AI implements commercially reasonable security measures designed to protect customer data against unauthorized access, disclosure, alteration, or destruction.

Security measures may include:

• Encrypted data transmission
• Access controls and authentication
• Infrastructure monitoring
• Secure cloud hosting environments
• Role-based permissions
• System logging and auditing

While no system can guarantee absolute security, Octalas AI continuously works to maintain a secure processing environment.

7. Subprocessors

The Customer acknowledges that Octalas AI may engage third-party subprocessors to support the delivery of the Services, including cloud hosting providers, infrastructure services, analytics providers, and AI processing services.

Octalas AI shall take reasonable steps to ensure subprocessors are bound by appropriate data protection and confidentiality obligations.

8. International Data Transfers

Customer data may be processed in countries outside the Customer’s jurisdiction where Octalas AI, its affiliates, or subprocessors maintain operations.

Where required by applicable law, Octalas AI will implement appropriate safeguards for international data transfers.

9. Data Retention & Deletion

Octalas AI retains customer data only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.

Upon termination of Services or written request, Octalas AI may delete or anonymize customer data in accordance with applicable law and operational requirements.

10. Data Subject Rights

To the extent required by applicable law, Octalas AI will provide reasonable assistance to enable the Customer to respond to requests from data subjects relating to:

• Access requests
• Data correction
• Data deletion
• Restriction of processing
• Data portability
• Objections to processing

11. Confidentiality

All non-public information processed through the Services shall be treated as confidential and used solely for the purpose of providing the Services under the agreement between the parties.

12. Liability

Each party’s liability under this DPA shall be subject to the limitations and exclusions of liability set forth in the applicable service agreement or Terms of Service governing the use of the Services.

13. Changes to this DPA

Octalas AI may update this DPA from time to time to reflect operational, legal, or regulatory changes.

Updated versions will be published at:

Octalas AI Legal Pages

Continued use of the Services after updates constitutes acceptance of the revised DPA.

14. Contact Information

For privacy, compliance, or data protection inquiries, please contact:

Octalas AI
Website: Octalas AI
Email: privacy@octalasai.com