Data Processing Agreement

Effective date: 2025-01-01

This Data Processing Agreement ("DPA") forms part of the Terms between Typelessity ("Processor") and the customer ("Controller") whenever Typelessity processes personal data on behalf of the customer.

Subject matter

Processing of personal data submitted to the Typelessity widget by end-users of the customer's website.

Nature & purpose

Field extraction from natural-language input, real-time validation, optional enrichment via customer-defined APIs, submission of structured booking data to the customer's endpoint.

Categories of data subjects

End-users of customer's website who interact with the Typelessity widget.

Categories of personal data

Names, contact information (email, phone), service-specific fields (e.g. medical specialty, vehicle type, dietary requirements), free-text input, optional voice transcription.

Sub-processors

See /legal/sub-processors. Customer is notified 30 days before any sub-processor change.

Security measures

TLS 1.2+ in transit. AES-256 at rest. EU data residency available. Access via SSO and 2FA. Audit logs retained 12 months. Annual penetration test.

Data subject rights

Processor assists Controller in responding to access, rectification, erasure, and portability requests within 5 business days.

Data breach

Processor notifies Controller within 24 hours of becoming aware of a personal data breach.

Term

Effective for the duration of the Service. On termination, Processor deletes Controller data within 30 days unless legally required to retain.