Data Processing Agreement

Last updated: January 14, 2025

1. Definitions

For the purposes of this Data Processing Agreement ("DPA"):

  • "Controller" means you, the customer using Ringing.io services
  • "Processor" means Ringing.io, Inc.
  • "Data Subject" means the individuals whose personal data is processed
  • "Personal Data" means any information relating to an identified or identifiable person
  • "Processing" means any operation performed on personal data

2. Scope and Application

This DPA applies to all processing of Personal Data by Ringing.io on behalf of the Controller in connection with the provision of our call answering services. This DPA supplements and forms part of the Terms of Service.

3. Data Processing Details

Nature and Purpose

Processing of call data to provide AI-powered call answering, message taking, and related services.

Categories of Data

  • Contact information (names, phone numbers, email addresses)
  • Voice recordings and transcripts
  • Business inquiry details
  • Appointment and scheduling information

Categories of Data Subjects

  • Callers to your business
  • Your customers and prospective customers
  • Your employees and contractors

4. Processor Obligations

Ringing.io shall:

  • Process Personal Data only on documented instructions from the Controller
  • Ensure persons authorized to process Personal Data are bound by confidentiality
  • Implement appropriate technical and organizational security measures
  • Only engage sub-processors with Controller's prior consent
  • Assist the Controller in responding to data subject requests
  • Make available all information necessary to demonstrate compliance
  • Delete or return all Personal Data at the end of services

5. Security Measures

Ringing.io implements and maintains the following security measures:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of data at rest using AES-256
  • Regular security assessments and penetration testing
  • Access controls based on the principle of least privilege
  • Regular backups and disaster recovery procedures
  • Security incident detection and response procedures
  • Employee security training and background checks

6. Sub-processors

Current sub-processors include cloud infrastructure providers (AWS), telephony services, and payment processors. We will notify you of any changes to sub-processors with 30 days' notice. You may object to new sub-processors within 14 days of notification.

7. International Transfers

Personal Data may be transferred outside your country. We ensure appropriate safeguards through:

  • Standard Contractual Clauses approved by relevant authorities
  • Adequacy decisions where applicable
  • Other legally recognized transfer mechanisms

8. Data Subject Rights

We will assist you in fulfilling your obligations to respond to data subject requests, including:

  • Access to personal data
  • Rectification of inaccurate data
  • Erasure of personal data
  • Restriction of processing
  • Data portability
  • Objection to processing

9. Data Breach Notification

In the event of a personal data breach, we will notify you without undue delay and no later than 72 hours after becoming aware of the breach. The notification will include:

  • Nature of the breach and categories of data affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Contact details for more information

10. Audits and Inspections

We will make available all information necessary to demonstrate compliance with this DPA and allow for audits conducted by the Controller or an authorized auditor, subject to reasonable notice and confidentiality agreements.

11. Liability and Indemnification

Each party's liability arising out of or related to this DPA shall be subject to the limitations of liability set forth in the Terms of Service. Each party shall indemnify the other against claims brought by data subjects arising from the indemnifying party's breach of this DPA.

12. Term and Termination

This DPA shall remain in effect for the duration of the Terms of Service. Upon termination, we will delete or return all Personal Data unless retention is required by law.

13. Contact Information

For questions about data processing, please contact:
Data Protection Officer: dpo@ringing.io
Email: privacy@ringing.io
Phone: 1-778-200-6103