Data Processing Agreement

Last updated: April 29, 2026

1. Parties

This Data Processing Agreement defines the procedure for processing personal data between the Auralix service client (hereinafter the "Client", "Controller") and the Auralix service (hereinafter the "Service", "Processor").

The Client is the data controller. The Service acts as a data processor, processing personal data on behalf of the Client in accordance with Federal Law No. 152-FZ "On Personal Data" and Article 28 of Regulation (EU) 2016/679 (GDPR) where applicable.

2. Subject Matter of Processing

The Service processes personal data of the Client's website visitors to ensure the operation of the AI widget:

  • Receiving and processing visitor messages
  • Collecting contact data through the lead form
  • Storing conversations and leads
  • Forwarding leads to the Client via integrations (CRM, messengers, email, webhooks)

3. Categories of Data

The following categories of data may be processed under this agreement:

  • Contact data: name, phone number, email address
  • Chat message content with the AI assistant
  • Date and time of the inquiry
  • URL of the page where the widget is installed
  • Technical conversation identifiers
  • Visitor's IP address and browser information

4. Categories of Data Subjects

Processing applies to the following categories of data subjects:

  • Visitors to the Client's websites
  • Clients and potential clients of the Client
  • Other persons interacting with the widget on the Client's website

5. Purposes of Processing

Data is processed exclusively for:

  • Operating the AI widget and generating responses
  • Collecting and forwarding leads to the Client
  • Operating integrations configured by the Client
  • Ensuring security and preventing abuse
  • Technical support and troubleshooting

6. Duration of Processing

Data processing is carried out for the duration of the agreement (the Client's use of the Service). After termination, data may be stored for up to 90 days, after which it is subject to deletion unless otherwise required by law.

7. Security Measures

The Service applies the following technical and organizational security measures:

  • Encrypted connections (HTTPS/TLS)
  • Data isolation between clients
  • Employee access controls
  • Backup procedures
  • Action logging
  • Limiting the personnel who have access to personal data

8. Subprocessors

The Service may engage subprocessors (infrastructure providers, AI providers, email services, etc.) to fulfill its obligations. The current list of subprocessor categories is available on the Subprocessors page.

The Service ensures that subprocessors maintain a comparable level of data protection.

9. Data Deletion

Upon the Client's request, the Service deletes or returns all personal data processed under this agreement and deletes existing copies unless otherwise required by law.

The Client may independently delete leads and conversations through the Service interface.

10. Incident Notification

In the event of a security incident involving personal data, the Service notifies the Client within a reasonable time after discovering the incident. The notification includes a description of the incident, affected data categories, and measures taken.

11. Assistance with Data Subject Requests

The Service assists the Client in fulfilling data subject requests (access, rectification, erasure, restriction of processing, data portability) within the technical capabilities of the Service.

If a data subject request is received directly by the Service, the Service redirects it to the Client as the data controller.

12. Contacts

For questions related to data processing under this agreement, contact us at privacy@auralix.tech.