Data Processing Addendum

This Data Processing Addendum (“DPA”) supplements the AIVOLabs Terms of Service. It governs our processing of personal data on behalf of our customers and is automatically incorporated into every customer account.

1. Scope

This DPA applies where AIVOLabs processes personal data as a processor under GDPR, UK GDPR, the California Consumer Privacy Act, and analogous privacy laws.

2. Roles & responsibilities

Customer is the controller; AIVOLabs is the processor. Customer is responsible for the lawful basis of processing; AIVOLabs is responsible for processing in accordance with documented instructions.

3. Processing details

• Subject matter: provision of AI visibility analytics.
• Duration: the term of your subscription plus 30 days.
• Categories of data: account identifiers, project configuration, run and result records.
• Data subjects: customer personnel who access AIVOLabs.

4. Sub-processors

AIVOLabs engages the following sub-processors:

We notify customers of new sub-processors at least 30 days before they begin processing personal data. Objections can be raised at privacy@aivolabs.xyz.

5. Security measures

AIVOLabs maintains appropriate technical and organizational measures as described in our Security page, including encryption, access controls, logging, and incident response.

6. International transfers

For transfers from the EEA, UK, and Switzerland, AIVOLabs relies on the European Commission's Standard Contractual Clauses (2021) and the UK International Data Transfer Addendum.

7. Data subject rights

AIVOLabs will assist customers in responding to data subject access, correction, deletion, and portability requests within legally required timeframes.

8. Breach notification

AIVOLabs will notify affected customers of a confirmed personal data breach without undue delay, and in any case within 72 hours of confirmation.