Data Processing Addendum (DPA)
For Enterprise & Business Customers
This Data Processing Addendum ("DPA") forms part of the agreement between DP7 LLC ("Company") and the customer ("Customer") governing the use of J77.ai.
This DPA applies only to the extent DP7 LLC processes Personal Data on behalf of Customer in connection with the Services.
1. Definitions
- Applicable Data Protection Laws: GDPR, UK GDPR, CCPA/CPRA (where applicable).
- Personal Data: Any information relating to an identified or identifiable individual.
- Processing: Any operation performed on Personal Data.
- Controller / Processor: As defined under GDPR.
2. Roles of the Parties
- Customer is the Controller of Personal Data it submits to the Services.
- DP7 LLC is the Processor of such Personal Data when acting on Customer's instructions.
- DP7 LLC acts as an independent Controller for account, billing, security, and service operation data.
3. Scope of Processing
DP7 LLC may process Personal Data solely to:
- Provide and operate the Services
- Generate AI-assisted content
- Maintain security and reliability
- Prevent abuse and enforce policies
- Improve service quality
Processing is limited to what is reasonably necessary to perform the Services.
4. Customer Responsibilities
Customer represents and warrants that:
- It has all necessary rights, consents, and authority to submit Personal Data
- It complies with Applicable Data Protection Laws
- It will not submit unlawful, sensitive, or prohibited Personal Data unless explicitly agreed in writing
DP7 LLC is not responsible for determining the legality of Customer's data.
5. AI Processing Disclosure
Customer acknowledges that:
- The Services use automated systems and artificial intelligence
- Inputs and outputs may be processed by third-party AI providers
- Outputs may contain inaccuracies and require human review
Customer remains fully responsible for verifying outputs before use or publication.
6. Confidentiality
DP7 LLC will ensure that personnel authorized to process Personal Data are subject to confidentiality obligations.
7. Security Measures
DP7 LLC implements reasonable administrative, technical, and organizational safeguards appropriate to the nature of the data and risks involved.
No method of transmission or storage is 100% secure.
8. Subprocessors
Customer authorizes DP7 LLC to engage subprocessors, including:
- Cloud hosting providers
- AI model providers
- Email delivery providers
- Logging and monitoring services
DP7 LLC remains responsible for subprocessors to the extent required by law.
A current list of subprocessors may be made available upon reasonable request.
9. International Data Transfers
Personal Data may be processed in the United States or other jurisdictions where DP7 LLC or its subprocessors operate.
Customer consents to such transfers, subject to applicable legal safeguards.
10. Data Subject Requests
Where DP7 LLC receives a request from a data subject relating to Customer data, DP7 LLC will:
- Notify Customer where legally permitted
- Provide reasonable assistance, at Customer's expense, where required by law
DP7 LLC may decline requests where permitted by law.
11. Deletion or Return of Data
Upon termination of the Services, DP7 LLC may delete or anonymize Personal Data in accordance with its data retention policies, unless retention is required by law.
12. Audits
DP7 LLC will respond to reasonable, written audit requests solely to the extent required by law. Audits must:
- Be limited in scope
- Occur no more than once annually
- Not expose confidential or proprietary information
13. Limitation of Liability
To the maximum extent permitted by law, DP7 LLC's liability under this DPA is subject to the limitations set forth in the Terms of Use.
14. Governing Law
This DPA is governed by the laws of the State of Michigan, unless otherwise required by applicable data protection law.
15. Order of Precedence
In the event of a conflict:
- This DPA (only as required by law)
- Terms of Use
- Privacy Policy