Data Processing Addendum

Effective Date: January 15, 2026

This Data Processing Addendum ("DPA") forms part of the agreement between Pyze, Inc. ("Pyze") and the customer ("Customer") governing the use of Pyze services (the "Agreement").

1. Scope and Roles

  • Customer is the Data Controller
  • Pyze acts as a Data Processor (or Subprocessor where applicable)

Pyze will process Personal Data solely:

  • On documented instructions from Customer
  • To provide the Services
  • In accordance with applicable data protection laws (e.g., GDPR)

2. Processing Details

Nature of Processing

Collection, analysis, and monitoring of application usage and workflow data.

Categories of Data Subjects

Customer employees, contractors, or authorized users.

Categories of Personal Data

May include:

  • User identifiers (e.g., user ID, email where applicable)
  • System interaction data
  • Application usage metadata

3. Customer Obligations

Customer agrees that:

  • It has obtained all necessary rights and consents
  • It determines the purpose and scope of data collection
  • It is responsible for data accuracy and legality

4. Pyze Obligations

Pyze shall:

  • Process Personal Data only as instructed
  • Ensure personnel are bound by confidentiality
  • Implement appropriate technical and organizational measures
  • Assist Customer in meeting regulatory obligations (where applicable)
  • Notify Customer of data breaches without undue delay

5. Subprocessors

Pyze may engage subprocessors to support service delivery.

  • Subprocessors will be bound by equivalent data protection obligations
  • A current list of subprocessors is available at: pyze.com/subprocessors

6. Data Transfers

Where data is transferred outside applicable jurisdictions:

  • Pyze will implement appropriate safeguards
  • Including Standard Contractual Clauses (SCCs) where required

7. Security Measures

Pyze maintains appropriate safeguards, including:

  • Encryption in transit
  • Access controls and authentication
  • Monitoring and logging
  • Infrastructure security practices

See our Security page for details.

8. Data Subject Requests

Pyze will assist Customer, where reasonably required, in responding to:

  • Access
  • Deletion
  • Correction requests

9. Data Retention & Deletion

  • Data is retained only as necessary to provide services
  • Upon termination, data will be deleted or returned per Customer instructions

10. Audit Rights

Pyze will provide reasonable information to demonstrate compliance.

Formal audits:

  • Must be reasonable
  • Subject to confidentiality
  • No more than once annually unless required by law

11. Liability

Liability under this DPA is subject to the limitations set forth in the Agreement.

12. Governing Law

This DPA is governed by the same law as the Agreement.