1. Definitions
"Agreement" means this Data Processing Agreement.
"Controller" means the client who determines the purposes and means of processing personal data.
"Processor" means LOGIQ OPS LTD, who processes personal data on behalf of the Controller.
"Personal Data" has the meaning given in UK GDPR.
"Services Agreement" means the Terms of Service between the parties.
"Sub-processor" means any third party engaged by the Processor to process Personal Data.
2. Scope and Purpose
This Agreement applies where LOGIQ OPS LTD processes Personal Data on behalf of the Controller in providing the Vision platform.
- Subject matter: Automation of business workflows via AI agents
- Nature of processing: Access, reading, drafting, sending, logging
- Purpose: Providing the Vision platform services
- Duration: For the term of the Services Agreement
- Types of personal data: Contact details, email content, calendar data, business data
- Categories of data subjects: The Controller's customers, leads, suppliers, and employees
3. Processor Obligations
LOGIQ OPS LTD agrees to:
3.1 Process Personal Data only on documented instructions from the Controller.
3.2 Ensure persons authorised to process Personal Data are bound by confidentiality.
3.3 Implement appropriate technical and organisational security measures including encryption in transit and at rest, access controls, and regular security reviews.
3.4 Not engage sub-processors without the Controller's prior written consent (general consent given by acceptance of this Agreement, subject to Schedule 1).
3.5 Assist the Controller in responding to data subject rights requests.
3.6 Notify the Controller within 72 hours of becoming aware of a Personal Data breach.
3.7 Delete or return all Personal Data within 30 days of termination.
3.8 Make available information necessary to demonstrate compliance and allow for audits.
4. Controller Obligations
The Controller agrees to:
4.1 Ensure there is a lawful basis for processing Personal Data through the Service.
4.2 Ensure data subjects are informed about how their data will be processed.
4.3 Not instruct LOGIQ OPS LTD to process Personal Data in violation of applicable law.
4.4 Not process sensitive personal data without prior written agreement.
5. Sub-processors
General written authorisation is granted for the sub-processors in Schedule 1. LOGIQ OPS LTD will notify the Controller of any intended changes with at least 14 days' notice.
6. International Transfers
Where Personal Data is transferred outside the UK/EEA, LOGIQ OPS LTD will ensure Standard Contractual Clauses or adequacy decisions are in place.
7. Term and Termination
This Agreement runs concurrently with the Services Agreement. Obligations survive termination with respect to retained Personal Data.
8. Governing Law
England and Wales.
Schedule 1 — Approved Sub-processors
- Anthropic — AI model processing — USA — Standard Contractual Clauses
- Supabase — Database and authentication — EU/USA — Standard Contractual Clauses
- Vercel — Platform hosting — USA — Standard Contractual Clauses
- Stripe — Payment processing — USA/EU — Standard Contractual Clauses / Adequacy
- Google LLC — Gmail, Sheets, Calendar — USA — Standard Contractual Clauses
Schedule 2 — Technical and Organisational Measures
- Encryption in transit: TLS 1.2+ on all connections
- Encryption at rest: AES-256 for OAuth tokens; Supabase database encryption
- Access control: Role-based access; row-level security at database level
- Authentication: Supabase Auth with OAuth 2.0
- Incident response: 72-hour breach notification commitment
- Data minimisation: OAuth scopes limited to minimum required
- Audit logging: All agent actions logged with timestamp and user
- Human oversight: All irreversible actions require human approval before execution