Data Processing Agreement (DPA) — Version 1.0
STATUS: APPROVED v1.0. This file is the canonical in-product Data Processing Agreement. Material changes require a new Version string, a Change Log entry, and coordinated updates to onboarding acceptance and
/legal/dpa.
Effective Date: [Date the customer accepts in onboarding] Version: v1.0-2026-05-12 Parties:
- Controller: [Customer / Shop legal entity name] ("Customer" or "Controller")
- Processor: AutoShop Voice AI, Inc., a Delaware corporation ("AutoShop Voice AI" or "Processor")
This Data Processing Agreement ("DPA") forms part of and supplements the Master Services Agreement, Order Form, or other written agreement between the Parties (the "Agreement") under which AutoShop Voice AI provides its AI-powered phone receptionist service (the "Service") to Customer. In the event of a conflict between this DPA and the Agreement on data- protection matters, this DPA controls.
1. Definitions
For purposes of this DPA:
- "Applicable Law" means all U.S. federal and state laws that apply to the Processing of Personal Information under this DPA, including but not limited to the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act ("CCPA/CPRA"), the Virginia Consumer Data Protection Act ("VCDPA"), the Colorado Privacy Act ("CPA"), the Connecticut Data Privacy Act ("CTDPA"), the Utah Consumer Privacy Act ("UCPA"), and the Telephone Consumer Protection Act ("TCPA"). AutoShop Voice AI's Service is U.S.-only at launch; if a Customer has EU/UK callers, the Parties will execute an addendum incorporating GDPR Article 28 and the EU Standard Contractual Clauses before processing begins.
- "Authorized Personnel" means AutoShop Voice AI employees and contractors who require access to Personal Information to provide the Service and who are bound by written confidentiality obligations.
- "Data Subject" means a natural person whose Personal Information is Processed under this DPA — typically a caller to Customer's phone line.
- "Personal Information" means information that identifies, relates to, or could reasonably be linked to a Data Subject, Processed by AutoShop Voice AI on Customer's behalf under the Agreement.
- "Process" or "Processing" has the meaning given in Applicable Law and includes collection, recording, storage, retrieval, use, disclosure, and deletion.
- "Security Incident" means a confirmed breach of security leading to the unauthorized acquisition, disclosure, or loss of Personal Information.
- "Sub-processor" means a third party engaged by AutoShop Voice AI to Process Personal Information on Customer's behalf.
2. Roles and Subject Matter
- 2.1 Roles. Customer is the Controller (or "Business" under CCPA) of the Personal Information. AutoShop Voice AI acts solely as the Processor (or "Service Provider" under CCPA) and Processes Personal Information only on Customer's documented instructions, including the instructions embedded in the Service's configuration (call routing, recording disclosure, retention windows).
- 2.2 Subject Matter and Purpose. The subject matter is the operation of an AI-powered phone receptionist on Customer's inbound calls. The purpose is limited to: (a) answering, transcribing, and summarizing calls; (b) booking appointments and creating service tickets in Customer's DMS; (c) sending transactional SMS recap and CSAT messages to callers; (d) generating call analytics for Customer's dashboard.
- 2.3 No Independent Use. AutoShop Voice AI will not Sell, Share, or use Personal Information for cross-context behavioral advertising, will not combine Personal Information with data received from any other source for any purpose other than to provide the Service to Customer, and will not use Personal Information to train, fine-tune, or evaluate any general-purpose AI model.
- 2.4 Duration. This DPA remains in effect for as long as AutoShop Voice AI Processes Personal Information under the Agreement, and for any period thereafter required by Section 9 (Return or Deletion).
3. Categories of Data and Data Subjects
- 3.1 Data Subjects. Callers to Customer's phone lines, Customer's employees who interact with the Service, and any third parties whose contact information is incidentally captured during a call.
- 3.2 Categories of Personal Information. Caller phone number; caller name (if disclosed); vehicle identifiers (VIN, plate, make/model/year); service request descriptions; appointment details; call audio recording (when enabled by Customer); call transcript; SMS message content; customer service history references retrieved from Customer's DMS.
- 3.3 Sensitive Personal Information. AutoShop Voice AI does not seek to Process Sensitive Personal Information. The Service's data schema captures only the categories enumerated in Section 3.2 — none of which are CCPA-Sensitive PI categories (no Social Security number, account/financial credentials, precise geolocation, racial or ethnic origin, religious beliefs, union membership, contents of mail/email/ text messages, genetic data, biometric identifiers, health information, or sex-life/sexual-orientation data). Callers may nonetheless volunteer such information during a call (for example, a medical reason for a delay); when this occurs, the information receives the same protection as other Personal Information under this DPA and is not separately indexed, enriched, or used for any purpose other than completing the call and the immediately related transactional follow-up.
4. Customer Instructions and Compliance
- 4.1 Customer Obligations. Customer represents that (a) it has a lawful basis under Applicable Law to collect the Personal Information it shares with the Service; (b) it has provided the notices and obtained the consents required of a Controller (including, where applicable, TCPA prior express written consent for SMS recap messages); and (c) its instructions to AutoShop Voice AI comply with Applicable Law.
- 4.2 Processor Obligations. AutoShop Voice AI will (a) Process Personal Information only as instructed by Customer through the Service and the Agreement; (b) immediately inform Customer if, in AutoShop Voice AI's opinion, an instruction violates Applicable Law (without obligation to monitor for legality); and (c) make available to Customer the information reasonably necessary to demonstrate compliance with this DPA.
5. Security
- 5.1 Technical and Organizational Measures. AutoShop Voice AI will
maintain a written information-security program designed to protect
Personal Information against Security Incidents. The program includes,
at minimum:
- Encryption of Personal Information in transit (TLS 1.2+) and at rest (AES-256 or equivalent).
- Role-based access controls; least-privilege provisioning for Authorized Personnel; multi-factor authentication for production administrative access.
- Network segmentation between development, staging, and production environments.
- Logging and monitoring of access to Personal Information.
- Annual review of the security program; remediation of identified gaps.
- Background checks (including criminal history where permitted by Applicable Law for the role) and confidentiality agreements for Authorized Personnel.
- 5.2 Sub-processor Diligence. Before engaging a Sub-processor, AutoShop Voice AI will vet the Sub-processor's security practices and bind it to obligations no less protective than those in this DPA.
6. Sub-processors
- 6.1 Authorized Sub-processors. Customer authorizes AutoShop Voice AI
to engage the Sub-processors listed in Schedule A. AutoShop Voice AI
maintains Schedule A as an up-to-date list at
/legal/sub-processors. - 6.2 New Sub-processors. AutoShop Voice AI will give Customer at least thirty (30) days' notice (by email or in-product notification) of any new Sub-processor. Customer may object on reasonable data-protection grounds within fifteen (15) days. If the Parties cannot resolve the objection, Customer may terminate the affected portion of the Service for convenience without further charge.
7. Data Subject Rights
- 7.1 Customer-Facing Requests. When AutoShop Voice AI receives a request from a Data Subject directed at Customer's data, AutoShop Voice AI will, without responding directly, forward the request to Customer within five (5) business days.
- 7.2 Cooperation. AutoShop Voice AI will provide reasonable cooperation, at Customer's expense for non-trivial efforts, to enable Customer to fulfill verified Data Subject requests for access, correction, deletion, opt-out of Sale/Sharing, or limitation of use of Sensitive Personal Information under Applicable Law.
8. Security Incidents
- 8.1 Notification. AutoShop Voice AI will notify Customer of a confirmed Security Incident affecting Customer's Personal Information without undue delay and, where feasible, within seventy-two (72) hours of confirming the Incident.
- 8.2 Content of Notice. The notice will include, to the extent then known: a description of the Incident, the categories and approximate number of Data Subjects affected, the categories and approximate number of records affected, the likely consequences, and the measures taken or proposed to mitigate the Incident.
- 8.3 Cooperation. AutoShop Voice AI will cooperate in good faith with Customer's reasonable investigation and remediation efforts.
9. Return or Deletion of Personal Information
- 9.1 On Termination. Within thirty (30) days after termination or expiration of the Agreement, AutoShop Voice AI will, at Customer's written election, return to Customer or securely delete all Personal Information in its possession or control, except to the extent retention is required by Applicable Law or for the limited internal purposes permitted in Section 9.2.
- 9.2 Permitted Retention. AutoShop Voice AI may retain (a) backups pending normal expiration of the backup retention window not exceeding ninety (90) days, after which Personal Information is destroyed in the ordinary course; and (b) aggregated, de-identified data that no longer identifies any Data Subject and that AutoShop Voice AI commits not to re-identify.
10. Audits
- 10.1 Self-Audit. AutoShop Voice AI will perform an annual review of its information-security program and remediate identified deficiencies.
- 10.2 Third-Party Reports. Upon reasonable written request, AutoShop Voice AI will provide Customer with summaries of any third-party audit or certification reports (for example, SOC 2 Type II) that AutoShop Voice AI obtains and is permitted to share under confidentiality obligations with the auditor.
- 10.3 On-Site Audits. Customer may conduct on-site audits no more than once per calendar year, on reasonable notice, during normal business hours, and at Customer's cost, provided the audit does not disrupt the operation of the Service.
11. International Transfers
- 11.1 U.S.-Only Processing. AutoShop Voice AI Processes Personal
Information solely within the United States. All Sub-processors listed
in Schedule A are configured to process in U.S. regions (Akamai Cloud /
Linode compute and managed PostgreSQL;
us-central1for Google Gemini Live API inference; U.S. regions for Twilio, Stripe, and the email Sub-processor). AutoShop Voice AI will not transfer Personal Information outside the United States without first amending this DPA to include an appropriate cross-border transfer mechanism (such as the EU Standard Contractual Clauses or the UK International Data Transfer Agreement).
12. Liability and Term
- 12.1 Liability. Each Party's liability under or in connection with this DPA is subject to the limitations of liability set forth in the Agreement. Nothing in this DPA limits either Party's liability to the extent such limitation is prohibited by Applicable Law (including, where applicable, statutory damages or private rights of action available under CCPA/CPRA or similar state privacy laws).
- 12.2 Term. This DPA enters into effect on the Effective Date and remains in force until the earlier of (a) expiration or termination of the Agreement and completion of Section 9, or (b) a successor DPA signed by both Parties.
13. Miscellaneous
- 13.1 Order of Precedence. This DPA controls over the Agreement on data-protection matters. The Agreement controls over this DPA on all other matters.
- 13.2 Governing Law. This DPA is governed by the law specified in the Agreement.
- 13.3 Counterparts and Electronic Signature. This DPA may be executed electronically and in counterparts, each of which is an original.
Schedule A — Authorized Sub-processors
The current authoritative list is published at
/legal/sub-processors and updated under
Section 6.2 of this DPA. As of the version date above:
| Sub-processor | Service | Region | Categories of Data |
|---|---|---|---|
| Google LLC (Gemini Live API) | Voice AI inference | United States (us-central1) | Call audio (transient, not retained by Sub-processor), transcripts |
| Twilio Inc. | Telephony (PSTN), SMS delivery | United States | Caller phone numbers, call audio, SMS content |
| Stripe, Inc. | Subscription billing | United States | Customer (Controller) billing data only — no caller Personal Information |
| Akamai Technologies, Inc. (Managed PostgreSQL) | Application database (PostgreSQL) | United States | All categories listed in §3.2 |
| Akamai Technologies, Inc. (Linode Compute) | Application hosting and execution (Node.js / Next.js) | United States | All categories listed in §3.2 |
| Selzy SAS (UniOne) | Transactional email delivery to Customer | United States / EU edge (delivery only) | Customer email address and message content only — no caller Personal Information |
Authentication. Primary shop sign-in uses first-party httpOnly session cookies (HS256 JWTs issued by AutoShop Voice); there is no separate Sub-processor solely for customer identity beyond the email provider used for password reset and notices.
Schedule B — Customer Acceptance Block
By accepting this DPA in the AutoShop Voice AI onboarding flow, Customer warrants that the individual accepting has authority to bind Customer.
| Field | Captured at acceptance |
|---|---|
| DPA Version | v1.0-2026-05-12 (this document) |
| Acceptance timestamp | UTC server time at acceptance |
| Signer name | Provided by signer |
| Signer title | Provided by signer |
| Signer email | Tied to authenticated AutoShop Voice AI account |
| IP address | Source IP of the acceptance request |
Electronic acceptance. Customer's acceptance through the AutoShop Voice AI in-product flow (authenticated account, designated checkbox, captured UTC timestamp, and source IP address) constitutes Customer's agreement to this DPA and constitutes an electronic signature where permitted by the Agreement and Applicable Law, including the U.S. Electronic Signatures in Global and National Commerce Act (E-SIGN) and the Uniform Electronic Transactions Act (UETA) as adopted in the governing jurisdiction.
Change Log
| Version | Date | Notes |
|---|---|---|
| v1.0-DRAFT | 2026-04-25 | Initial draft. |
| v1.0-DRAFT (r2) | 2026-04-25 | Resolved codebase-confirmable [REVIEW] items: Sensitive PI scope (none captured by schema), GDPR addendum path, Schedule A finalized from package.json + DEPLOYMENT.md, /legal/sub-processors page live, U.S.-only region confirmation. Items still requiring outside counsel: legal entity name, CCPA Service-Provider carve-out wording, background-check scope, SOC 2 commitment, governing law, E-SIGN/UETA enforceability, liability carve-outs. |
| v1.0-2026-05-12 | 2026-05-12 | Counsel-approved v1.0: Processor identified as AutoShop Voice AI, Inc. (Delaware); CCPA Service Provider / no-model-training clause finalized; background-check, audit-report, liability, governing-law, and E-SIGN/UETA acceptance language finalized. Supersedes v1.0-DRAFT for in-product acceptance. |