
Data Processing Agreement (DPA)

Last Updated: September 2025

This Data Processing Agreement (“DPA”) forms part of, and is subject to the provisions of Kogents AI Terms and Conditions (the “Agreement”). All capitalized terms not defined in this DPA shall have the meanings set forth in the Agreement.

1. Definitions

Affiliate: An entity that directly or indirectly controls, is controlled by, or is under common control with another entity.

Agreement: Kogents AI Terms and Conditions, which govern the provision of services to Customer, as may be updated by Kogents AI from time to time.

Control: Ownership, voting, or similar interest representing fifty percent (50%) or more of the total interests of the entity in question.

Customer Data: Any Personal Data that Kogents AI processes on behalf of Customer as a Data Processor in providing services under the Agreement.

Data Protection Laws: All applicable data protection and privacy laws, including GDPR, CCPA/CPRA, DPDPA (Delaware), and any other relevant regulations.

Data Controller: The entity that determines the purposes and means of the processing of Personal Data.

Data Processor: The entity that processes Personal Data on behalf of the Data Controller.

EEA: European Economic Area, including the UK and Switzerland.

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on Personal Data (collection, storage, use, disclosure, deletion, etc.).

Security Incident: Any unauthorized or unlawful breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data.

Services: Any product or service provided by Kogents AI pursuant to the Agreement.

Sub-Processor: Any third-party processor engaged by Kogents AI or its Affiliates to assist with providing the Services.

2. Relationship with the Agreement

2.1 This DPA replaces any prior data processing agreements entered into between the parties.

2.2 Except as expressly modified by this DPA, the Agreement remains in full force and effect. In case of conflict, this DPA shall control with respect to data protection obligations.

2.3 Any claims under this DPA are subject to the limitations of liability set forth in the Agreement.

2.4 This DPA is governed by the governing law and jurisdiction specified in the Agreement unless otherwise required by Data Protection Laws.

3. Scope and Applicability

This DPA applies only where Kogents AI processes Customer Data originating from the EEA or otherwise subject to data protection laws on behalf of the Customer.

4. Roles and Scope of Processing

4.1 Role of the Parties – Customer is the Data Controller. Kogents AI acts as Data Processor and will process Customer Data only on documented instructions from Customer.

4.2 Customer Obligations – Customer agrees it has provided notice and obtained all necessary consents under applicable law for Kogents AI to process Customer Data.

4.3 Kogents AI Processing of Customer Data – Kogents AI shall process Customer Data solely for providing the Services, fulfilling contractual obligations, and complying with law.

4.4 Details of Data Processing:

  • Subject matter: Customer Data processed in connection with the Services.
  • Duration: Until termination or expiration of the Agreement.
  • Purpose: Service provision, support, and improvements.
  • Nature: Collection, storage, analysis, transmission, and deletion.
  • Categories of data subjects: Customer representatives, end-users, employees, and other individuals whose data is provided by Customer.
  • Types of data: Account details, contact information, usage data, AI interactions, payment data (if applicable).

4.5 Legitimate Business Use – Kogents AI may process certain operational and diagnostic data for legitimate business purposes such as billing, technical support, security, and product development.

5. Sub-Processing

5.1 Authorized Sub-Processors – Customer authorizes Kogents AI to engage Sub-Processors listed in Annex A.

5.2 Obligations – Kogents AI ensures Sub-Processors are bound by written agreements providing equivalent data protection obligations.

5.3 Changes – Kogents AI will notify customers of any changes to Sub-Processors at least ten (10) days prior. Customers may object based on data protection concerns.

6. Security

6.1 Security Measures – Kogents AI implements appropriate technical and organizational measures described in Annex B to protect Customer Data.

6.2 Continuous Improvement – Security measures may evolve over time, provided overall protection does not materially degrade.

6.3 Customer Responsibility – Customer is responsible for securing account credentials and ensuring secure transmission of data to Kogents AI.

7. International Transfers

Kogents AI may process and transfer data globally, provided adequate safeguards (e.g., Standard Contractual Clauses) are in place per GDPR and other applicable laws.

8. Confidentiality & Security Incidents

8.1 Confidentiality – All persons authorized to process Customer Data are bound by confidentiality obligations.

8.2 Breach Notification – Kogents AI shall notify Customer without undue delay after becoming aware of a Security Incident and provide all reasonably available information to support incident response.

9. Deletion or Return of Data

Upon termination or expiration of the Agreement, Kogents AI will, at Customer’s option, delete or return all Customer Data unless retention is required by law. Complete deletion may take up to 60 days due to backup retention cycles.

10. Cooperation

Kogents AI will reasonably assist Customer, at Customer’s expense, in fulfilling obligations relating to data subject requests (DSRs), data protection impact assessments (DPIAs), and communications with data protection authorities.

11. Law Enforcement Requests

If legally compelled to disclose Customer Data, Kogents AI will notify Customer unless prohibited by law and, where possible, redirect the requesting authority to Customer.

12. Liability

Liability under this DPA is subject to the exclusions and limits set out in the Agreement. Regulatory penalties caused by Customer’s breach of Data Protection Laws will reduce Kogents AI’s liability to Customer accordingly.

13. Miscellaneous

Any costs associated with extraordinary requests outside standard service functionality will be borne by the Customer.

Annex A – Sub-Processors

Kogents AI uses the following Sub-Processors to deliver its services:

  • Amazon Web Services (AWS) – Cloud hosting and data storage (U.S./EU regions)
  • Google LLC – Authentication, analytics, and security logging
  • Stripe, Inc. – Payment processing
  • OpenAI, LLC / Anthropic – AI inference and processing (no data used for training)
  • Sentry.io – Error monitoring and logging
  • Supabase / Pinecone – Database & vector storage services
  • Muse.ai – Video hosting (if used)

Annex B – Security Measures

Kogents AI’s security program includes, but is not limited to:

  • Access Controls: MFA, RBAC, least-privilege enforcement
  • Encryption: Data encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Monitoring & Logging: 24/7 infrastructure monitoring, anomaly detection, and audit logs
  • Backups & Recovery: Regular backups with disaster recovery plan
  • Incident Response: Documented breach response procedure, customer notification workflow
  • Separation of Data: Logical separation between customer accounts
  • Employee Training: Mandatory security & privacy awareness programs