LEGAL

Data Processing Agreement (DPA)

Processor terms for personal data handling in the WellStreak AI Business Performance Operating System.

Last updated: February 24, 2026

1.1 Purpose and Relationship to Other Terms

This Data Processing Agreement ("DPA") applies where WellStreak AI processes personal data on behalf of a customer in connection with the Services.
This DPA supplements the Terms of Service and forms part of the contractual framework governing data processing activities.

1.2 Definitions

"Controller" means the entity determining purposes and means of personal data processing.
"Processor" means the entity processing personal data on behalf of the Controller.
"Personal Data" has the meaning assigned under applicable data protection laws.

2.1 Roles of the Parties

Customer acts as Controller for workspace data submitted by or on behalf of customer users.
WellStreak AI acts as Processor when handling customer data to provide contracted Services.
For limited legal and compliance operations (for example, accounting, fraud prevention), WellStreak AI may act as an independent Controller where required by law.

3.1 Nature and Purpose of Processing

Processing includes data hosting, routing, workflow execution, security monitoring, support handling, and service analytics required to provide the Services.
WellStreak AI processes personal data only on documented customer instructions as reflected by product configuration and support requests, unless required by law.

3.2 Categories of Data and Data Subjects

Categories include account identifiers, communication records, operational metadata, uploaded documents, and integration event data.
Data subjects may include customer employees, leads, candidates, support contacts, and authorized end users.

4.1 Security Measures

WellStreak AI applies technical and organizational controls including access management, role restrictions, tenant-scoped data access, secure credential handling, and logging controls.
Security measures are reviewed and updated as technology, risk profile, and legal expectations evolve.

4.2 Personnel Confidentiality

Personnel with access to personal data are subject to confidentiality obligations and access minimization principles.
Access to customer data is limited to operational necessity and authorized support/security functions.

5.1 Subprocessors

WellStreak AI may engage subprocessors for cloud hosting, AI inference, messaging, and payment operations.
Subprocessors are subject to contractual safeguards appropriate to the processing scope and risk profile.
Customers acknowledge that third-party providers may process data across jurisdictions under their own service terms.

5.2 International Transfers

Where cross-border processing occurs, WellStreak AI applies commercially reasonable safeguards consistent with legal obligations and contractual commitments.
Customers remain responsible for determining whether additional regional controls are required for their legal obligations.

6.1 Data Subject Rights Assistance

WellStreak AI provides commercially reasonable assistance to enable customers to respond to lawful requests for access, correction, deletion, portability, and restriction.
Requests must include sufficient details to validate requester authority and scope.

6.2 Incident Notification

WellStreak AI maintains incident response procedures for potential security events affecting customer data.
Where required by applicable law, WellStreak AI will notify impacted customers without undue delay after confirming a reportable incident.

7.1 Retention, Return, and Deletion

Upon termination or request, WellStreak AI supports data return/export and deletion workflows for eligible data, subject to legal retention and security requirements.
Certain records may be retained for compliance, dispute handling, fraud prevention, and audit obligations.

8.1 Audit and Compliance Cooperation

WellStreak AI provides reasonable information relevant to security and processing controls, subject to confidentiality and operational limits.
Direct penetration testing or intrusive audits require prior written approval and mutually agreed scope.

9.1 Liability and Governing Law

Liability under this DPA is subject to limitations set forth in the Terms of Service unless otherwise agreed in writing.
This DPA is governed by laws of India, with arbitration and dispute handling as specified in the Terms of Service.

10.1 Term and Updates

This DPA remains effective while WellStreak AI processes personal data on behalf of Customer.
WellStreak AI may update this DPA to reflect legal, technical, and service delivery changes with prospective effect.

2.1 Roles of the Parties

Customer acts as Controller for workspace data submitted by or on behalf of customer users.

WellStreak AI acts as Processor when handling customer data to provide contracted Services.

For limited legal and compliance operations (for example, accounting, fraud prevention), WellStreak AI may act as an independent Controller where required by law.

3.1 Nature and Purpose of Processing

Processing includes data hosting, routing, workflow execution, security monitoring, support handling, and service analytics required to provide the Services.

WellStreak AI processes personal data only on documented customer instructions as reflected by product configuration and support requests, unless required by law.

5.1 Subprocessors

WellStreak AI may engage subprocessors for cloud hosting, AI inference, messaging, and payment operations.

Subprocessors are subject to contractual safeguards appropriate to the processing scope and risk profile.

Customers acknowledge that third-party providers may process data across jurisdictions under their own service terms.

Data Processing Agreement (DPA)

1.1 Purpose and Relationship to Other Terms

1.2 Definitions

2.1 Roles of the Parties

3.1 Nature and Purpose of Processing

3.2 Categories of Data and Data Subjects

4.1 Security Measures

4.2 Personnel Confidentiality

5.1 Subprocessors

5.2 International Transfers

6.1 Data Subject Rights Assistance

6.2 Incident Notification

7.1 Retention, Return, and Deletion

8.1 Audit and Compliance Cooperation

9.1 Liability and Governing Law

10.1 Term and Updates

Activating Well Streak

Data Processing Agreement (DPA)

1.1 Purpose and Relationship to Other Terms

1.2 Definitions

2.1 Roles of the Parties

3.1 Nature and Purpose of Processing

3.2 Categories of Data and Data Subjects

4.1 Security Measures

4.2 Personnel Confidentiality

5.1 Subprocessors

5.2 International Transfers

6.1 Data Subject Rights Assistance

6.2 Incident Notification

7.1 Retention, Return, and Deletion

8.1 Audit and Compliance Cooperation

9.1 Liability and Governing Law

10.1 Term and Updates