Agylion

Data Processing Agreement

Data processing and protection commitments

This agreement describes how Agylion processes data on behalf of its clients and maintains appropriate safeguards.

Scope of processing

Agylion processes personal data on behalf of its clients only to deliver contracted services, manage communications, provide support, and maintain the website and applications.

Roles and responsibilities

Clients act as data controllers for their own business data and user information. Agylion acts as a data processor and processes personal data only in accordance with client instructions and applicable law.

Permitted processing

We process personal data for the purposes of service delivery, scheduling, email communications, analytics, technical support, and security. We do not use client data for unrelated purposes.

Subprocessors

We engage subprocessors to support hosting, communications, scheduling, analytics, AI processing, and real-time collaboration. These subprocessors are contracted to process data only as needed to provide their services.

  • Next.js for website hosting and page delivery.
  • Calendly for booking and scheduling consultations.
  • Outlook for email communication and notifications.
  • PostHog for anonymous website analytics.
  • Azure Cognitive Services for text-to-speech generation.
  • OpenAI for AI-powered coaching and conversation analysis.
  • Agora for real-time voice session infrastructure.

Security measures

We implement access controls, encryption, logging, and other appropriate technical and organizational measures to protect personal data and Customer Content.

Data subject rights

We support client responses to requests for access, correction, deletion, or portability of personal data in accordance with applicable law and the contractual instructions of the data controller.

Incident response

In the event of a suspected data breach, we will notify affected clients without undue delay and cooperate with their incident response procedures.

Audits and cooperation

We cooperate with client audits and assessments relevant to our processing activities, subject to reasonable confidentiality protections for our systems and third-party vendors.

Retention and deletion

Personal data and Customer Content are retained only as long as necessary to fulfill the agreed services or as required by law. We delete or return data in accordance with client instructions upon contract termination.

Applicable law

This Data Processing Agreement is governed by the laws of the Republic of the Philippines. Any dispute is subject to the jurisdiction of the competent courts in the Philippines.