DataSapien Terms of Service for Software as a Service Tiers
Last Updated: 29 April 2026
Effective Upon: Customer account creation and acceptance of these Terms.
Summary of April 2026 changes: Account tiers renamed and restructured.
- A new Solo tier has been introduced for evaluation and sandbox use, capped at 50 monthly active SDKs, billed at £0.50 per SDK per month with no platform fee.
- The legacy Standard tier has been renamed to Pro (positioned for self-starters with email-only support, a 48-hour business-hours response, 5,000 SDKs included and overages at £0.15 per SDK per month).
- The legacy Pro tier has been renamed to Grow (positioned for supported use including PoCs, with phone/chat support, licensed per Country at £7,500/month with 50,000 SDKs per Country included and overages at £0.08 per SDK per month).
- The previous flat 1,000-free SDK baseline and graduated overage table have been retired in favour of tier-based inclusions and simple flat overage rates.
- A new clause (§6.3) covers authorised reseller and white-label arrangements, which sit outside the standard Tier pricing.
- Schedules A and B updated. Schedules C, D, and E unchanged in substance; contact addresses updated where confirmed.
Contents
- Master Agreement
- Schedule A – Service Level Agreement (SLA)
- Schedule B – Pricing & Licensing
- Schedule C – Branding Guidelines
- Schedule D – Acceptable Use Policy (AUP)
- Schedule E – Data Processing Addendum (DPA)
Master Agreement
1. Agreement Overview
These Terms of Service (“Agreement”) govern your use of the DataSapien Software Platform (“Software”), including the Orchestrator and SDK, provided by DataSapien Limited (“DataSapien”, “we”, “us”).
By creating an account or using the Software, you (“Customer”, “you”, “your”) agree to be bound by this Agreement.
2. Software & Services
2.1 Platform Components
- Orchestrator: A cloud-based interface for low/no-code orchestration of the SDK functionality including APIs, data journeys, consent flows, and AI.
- Mobile Backend: A cloud-based API server that communicates with SDK instances.
- SDK: A downloadable software library to be embedded into applications for enabling Private Personalisation and Zero-Shared Data, deployed on end-user devices.
2.2 Subscription Services
- Access to the Orchestrator, Mobile Backend and SDKs
- Support tier based on selected plan (Solo, Pro, Grow, or Enterprise)
- Optional professional services (training, onboarding, custom development), billed hourly
Support terms are defined in Schedule A – Service Level Agreement (SLA).
3. Account Tiers
| Tier | Includes |
|---|---|
| Solo | Self-service access to the Orchestrator and Sandbox app for evaluation, prototyping and testing. Capped at 50 monthly active SDKs; an upgrade to Pro, Grow or Enterprise is required beyond this cap. £0.50 per SDK per month, no platform fee. Community-only support. |
| Pro | Self-service platform access. Email support with 48-hour business-hours response. SDK inclusion: 5,000 monthly active SDKs. Overage: £0.15 per SDK per month. |
| Grow | Supported use including Proofs of Concept. Email and phone/chat support. Licensed per Country at £7,500/month with 50,000 monthly active SDKs per Country included. Overage: £0.08 per SDK per month. |
| Enterprise | 24/7 support, dedicated Technical Account Manager, custom SLA, custom volume terms via separate Master Services Agreement. |
4. SDK Licensing & Usage
- SDK inclusion volumes vary by tier and are detailed in Schedule B.
- Each SDK is activated via a license key provided by DataSapien.
- Monthly active SDK volume in excess of the tier inclusion is billed at the tier overage rate set out in Schedule B.
- SDK licenses are non-transferable and managed via the DataSapien Orchestrator.
- Adjustments to SDK volume require 30 days’ notice.
5. Pricing & Payment
- Subscription fees billed monthly in advance.
- SDK overage usage and hourly services billed monthly in arrears.
- Net 30 payment terms.
- Late payment may result in suspension of service.
6. Intellectual Property
6.1 All intellectual property rights in the DataSapien Software and related assets remain exclusively with DataSapien. No transfer or assignment of IP is implied or granted.
6.2 You may not modify, sublicense, resell, reverse-engineer, or redistribute the Software or SDKs, except as explicitly permitted by this Agreement or under a separate written agreement with DataSapien.
6.3 Authorised Resellers and White-Label Partners. Resale, white-labelling, embedding within a third-party platform for onward distribution, or sublicensing of the Software to third parties is permitted only under a separate written Reseller Agreement with DataSapien. The standard Tier pricing set out in Schedule B does not apply to authorised reseller or white-label arrangements; commercial terms, branding rights, and end-customer obligations applicable to such partnerships are set out in the relevant Reseller Agreement. Customers wishing to enter a reseller or white-label arrangement should contact partnerships@datasapien.com.
6.4 Any jointly developed assets, adaptations, or derivative works incorporating the DataSapien platform shall be jointly scoped and governed by a separate written agreement.
6.5 For clarity, any intellectual property developed independently by the Customer, including that which leverages or is built upon DataSapien technology, shall remain the sole and exclusive property of the Customer.
6.6 Nothing in this clause shall prevent the Customer from independently developing, owning, or commercialising products or services that make use of permitted outputs of the DataSapien platform, provided that such use does not reverse engineer, duplicate, or disclose the proprietary workings of the DataSapien Software.
7. Branding
Use of the optional “DataSapien Inside” trustmark is governed by Schedule C and available via license.
8. Privacy, Security & Data Protection
8.1 Zero-Shared Data
- The Software processes personal data on-device by default.
- End-user data is not shared with DataSapien. Data is only shared from the app when explicitly consented as Zero Party Data.
8.2 Account Data
- DataSapien stores Account Data (e.g. admin info, billing, logs) securely.
- Data is encrypted and access-controlled.
8.3 GDPR Compliance
Customers subject to GDPR, UK GDPR, or similar data laws will have data processing governed by Schedule E – Data Processing Addendum (DPA), which includes:
- Role definitions
- Subprocessor transparency and objection rights
- Technical & organisational safeguards (aligned with ISO 27001 and SOC 2 Type II)
- Breach notification and audit rights
9. Confidentiality
Each party agrees to protect all confidential information shared under this Agreement. This obligation will remain in effect for five (5) years following termination.
Obligations with respect to trade secrets survive indefinitely.
10. Term & Termination
This Agreement remains in effect until terminated.
10.1 Termination by Customer
- Monthly subscriptions may be cancelled with 30 days’ notice.
- Annual subscriptions are cancellable at the end of the then-current term.
- No refunds or credits for early termination.
10.2 Termination by DataSapien
- 30 days’ written notice, or immediate termination for breach, fraud, or unlawful use.
10.3 Post-Termination
- SDKs must be deactivated.
- Outstanding amounts become due.
- Key terms (e.g., IP, confidentiality, liability, privacy, indemnity) survive.
11. Acceptable Use
You may not:
- Use the Software unlawfully or harmfully.
- Bypass access controls or license mechanisms.
- Reverse-engineer SDK components.
See Schedule D – Acceptable Use Policy.
12. Business Continuity
DataSapien maintains operational and disaster recovery protocols to support service resilience.
13. Indemnification by DataSapien
We will defend and indemnify you against third-party claims alleging that the Software infringes a copyright, patent, or trademark.
Our obligations under this section are conditional upon you providing us with:
(a) Prompt written notice of the claim
(b) Sole control of the defense and settlement
(c) Reasonable cooperation
If needed, we may modify or replace the Software or terminate your license with a refund of unused fees.
This obligation excludes claims caused by:
- Your modifications or combinations.
- Use contrary to the Agreement.
14. Limitation of Liability
Total liability is limited to fees paid in the 12 months preceding the claim, except for:
- IP infringement indemnity (Section 13).
- Breach of confidentiality.
- Gross negligence or willful misconduct.
- Liability that cannot legally be excluded.
15. Force Majeure
Neither party is liable for delays or failures caused by events beyond their reasonable control.
16. Feedback
You grant DataSapien a royalty-free license to use suggestions or feedback to improve our products or services.
17. Audit & Compliance
- SOC 2 and ISO 27001 documentation available under NDA.
- Additional audit rights are defined in the DPA.
18. Governing Law & Dispute Resolution
This Agreement is governed by the laws of England and Wales.
Disputes follow this order:
- Good-faith negotiation
- Optional non-binding mediation
- English courts (exclusive jurisdiction)
19. Schedules (Incorporated by Reference)
- Schedule A – Service Level Agreement (SLA)
- Schedule B – Pricing & Licensing
- Schedule C – Branding Guidelines
- Schedule D – Acceptable Use Policy
- Schedule E – Data Processing Addendum (DPA)
The SLA metrics defined in Schedule A apply to all standard service tiers. Customers on the Enterprise plan, and authorised resellers under Reseller Agreements, may negotiate custom SLA terms as part of a separate Master Services Agreement or Reseller Agreement respectively.
20. Enterprise Engagements
For customers requiring a custom enterprise agreement, dedicated security reviews, multi-country licensing arrangements, or planning to license more than 500,000 SDKs, please contact our sales team. These engagements are governed by a separate Master Services Agreement (MSA).
21. Contact
DataSapien Limited
Monomark House, 27 Old Gloucester Street, London WC1N 3AX, UK
Email: partnerships@datasapien.com
Schedule A – Service Level Agreement (SLA) – DRAFT
This Schedule A forms part of the DataSapien Enterprise SaaS Terms of Service and defines the service levels for use of the Software provided by DataSapien Limited.
Scope of This SLA
This SLA covers:
- The Orchestrator (cloud-based platform)
- The Mobile Backend (cloud-based API)
- Access to SDK activation services and management APIs
This SLA does not apply to:
- Customer infrastructure, devices, or internet access
- Professional services or SDK functionality on-device
Definition: Scheduled Downtime
Scheduled Downtime means downtime for maintenance or system upgrades where notice is provided at least 72 hours in advance for Pro and Grow plans, performed during off-peak hours (typically 10:00 PM – 4:00 AM GMT), and not exceeding 4 hours per calendar month.
Scheduled Downtime is excluded from uptime calculations.
Shared SLA Principle
The SLA metrics defined herein apply to all standard service tiers. Customers on the Enterprise plan may negotiate a custom SLA as part of a separate Master Services Agreement (MSA).
Tier: Solo
Solo is a self-service evaluation tier. No formal SLA applies.
| Service Metric | Commitment |
|---|---|
| Support Hours | None — community resources only |
| Initial Response Time | None — best-effort via community channels |
| Support Channels | DataSapien community forum and public documentation |
| Incident Updates | Posted to status.datasapien.com when applicable |
| Maintenance Notice | Posted to status.datasapien.com |
Solo customers are not eligible for SLA credits.
Tier: Pro
| Service Metric | Commitment |
|---|---|
| Support Hours | Monday–Friday, 9:00 AM–6:00 PM GMT |
| Initial Response Time | Within 48 business hours for all support tickets (i.e. 2 business days, excluding weekends and UK public holidays) |
| Support Channels | Email only: support@datasapien.com |
| Incident Updates | Within 48 hours |
| Maintenance Notice | 72 hours minimum |
Tier: Grow
| Service Metric | Commitment |
|---|---|
| Support Hours | Monday–Friday, 8:00 AM–8:00 PM GMT |
| Initial Response Time | Critical: within 4 business hours. Other: within 1 business day. |
| Support Channels | Email + Phone + Chat |
| Incident Updates | Critical: updates every 4 hours. Other: updates within 24 hours. |
| Maintenance Notice | 72 hours minimum |
Tier: Enterprise
Customers on the Enterprise plan are entitled to:
- 24/7 support availability
- Dedicated Technical Account Manager (TAM)
- Option to define bespoke metrics (RPO, RTO, Uptime, Priority Definitions)
Specific Enterprise SLA terms are defined in the Master Services Agreement (MSA).
Contact: sales@datasapien.com
SLA Exclusions
This SLA does not apply to:
- Issues caused by Customer hardware, network, or software
- Force majeure events (e.g. power outage, war, internet failure)
- Downtime of third-party services not operated by DataSapien
- SDKs used outside licensed scope or in unsupported environments
SLA Credits
Available only for Grow and Enterprise tiers.
| Item | Term |
|---|---|
| Eligibility | SLA breach resulting in less than promised uptime |
| Credit Cap | 10% of the monthly fee for the affected service |
| Claim Deadline | Must be submitted within 30 days of the incident |
| Exclusive Remedy | Credits are the sole and exclusive remedy for SLA breach |
Change Management
We reserve the right to update this SLA periodically. Significant changes will be communicated at least 30 days in advance.
Schedule B – Pricing & Licensing
This Schedule B forms part of the DataSapien Enterprise SaaS Terms of Service and outlines the subscription pricing, SDK licensing model, and billing structure applicable to the Customer’s use of the Software and Services.
1. Account Tiers
| Plan | Base Platform Fee (Monthly) | SDK Inclusions | SDK Overage Rate | Included Support |
|---|---|---|---|---|
| Solo | None (no platform fee) | None — capped at 50 monthly active SDKs | N/A — upgrade required beyond 50 active SDKs. Per-SDK rate of £0.50 per SDK per month applies to all Solo SDKs. | Community resources only |
| Pro | £1,000 | 5,000 monthly active SDKs | £0.15 per additional SDK / month | Email (Mon–Fri business hours, 48hr response) |
| Grow | £7,500 per Country | 50,000 monthly active SDKs per Country | £0.08 per additional SDK / month | Email + phone/chat (extended hours) |
| Enterprise | Custom (see Section 6) | Custom | Custom | 24/7 + Dedicated Technical Account Manager |
1.1 Definition of “Country” (Grow Tier)
For Grow tier purposes, “Country” means a sovereign territory in which the Customer has declared, at the point of contract signature or via written addendum, an intent to deploy the Software. Each declared Country requires its own Grow tier subscription and is billed accordingly. Adding a new Country to an existing Grow subscription requires written notice and takes effect at the next billing cycle.
1.2 Tier Suitability and Volume Thresholds
Solo tier is a sandbox tier intended for evaluation, prototyping and testing only. Customers reaching the 50 monthly active SDK cap on Solo must upgrade to Pro, Grow or Enterprise to continue activating SDKs.
Pro tier is intended for self-service development, single-product deployments, and customers with predictable, modest SDK volumes. Customers with monthly active SDK volume materially exceeding 50,000 are expected to upgrade to Grow or Enterprise tier. DataSapien reserves the right to review tier suitability at any billing cycle and require upgrade where usage materially exceeds the spirit of the tier.
2. SDK Licensing & Pricing
2.1 Licensing Model
- SDKs are licensed on a monthly active basis.
- Each SDK is tied to a unique activation key for a single user device.
- SDK usage is tracked and billed based on monthly active deployments.
- All SDK licenses are non-transferable and managed via the DataSapien Orchestrator.
2.2 SDK Overage Pricing
Monthly active SDKs in excess of the tier inclusion are billed monthly in arrears at the tier overage rate set out in Section 1 above. The tier inclusion is consumed first; the overage rate applies only to volume above inclusion.
For Grow tier customers, overage is calculated per Country: each Country’s 50,000 inclusion is consumed independently before overage rates apply.
Overage rates are flat per SDK and do not vary by volume; customers seeking volume-based pricing should contact sales regarding Enterprise tier.
3. Billing & Payment Terms
- Platform fees are billed monthly in advance.
- SDK overage usage fees are billed monthly in arrears.
- SDK fees are not prorated; SDKs are billed as active if telemetry is received in the period.
- Payment terms: Net 30 days from invoice date.
4. Upgrades, Downgrades & Term Changes
- Upgrades (e.g., from Pro to Grow) may be requested at any time and take effect at the next billing cycle.
- Downgrades require 30 days’ notice and are processed at the end of the current billing period.
- Adding additional Countries to a Grow subscription is treated as an upgrade and takes effect at the next billing cycle.
- Enterprise usage commitments or custom pricing are governed under separate agreement.
5. SDK License Duration
- SDK licenses are active only during the billing month in which they are used.
- SDKs not in use during a billing period are not charged.
- SDK activation keys may be deactivated for misuse or excessive churn per the Acceptable Use Policy.
6. Enterprise Pricing & Volume Licensing
Enterprise Customers may negotiate:
- Annual or multi-year platform access
- Custom SDK pricing including volume-based or graduated rates
- Multi-country bundled licensing
- Committed usage discounts and payment schedules
- Tailored invoicing or reporting requirements
These terms are documented in a Master Services Agreement (MSA).
Contact: sales@datasapien.com
7. Reseller and White-Label Pricing
The Tier pricing in this Schedule B does not apply to authorised reseller, white-label or embedded-distribution arrangements. Such arrangements are governed by separate Reseller Agreements which set their own commercial terms, including any partner discounts, revenue share, finder’s fees, or per-deployment licensing structures. See Master Agreement §6.3.
Contact: partnerships@datasapien.com
8. Taxes
All fees are quoted exclusive of taxes. VAT, sales tax, or other required taxes will be added based on Customer location and applicable laws.
9. Price Changes
DataSapien may update pricing with 60 days’ written notice. Changes apply only to SDK usage and platform fees after the notice period.
10. Professional Services
Optional services such as advanced training, onboarding, and integration support are available upon request.
Unless otherwise agreed in a separate Statement of Work (SOW):
- Professional services are billed at £200 per hour.
- Minimum billing increment: 1 hour.
- Travel, accommodation, and related expenses (if applicable) will be invoiced separately.
Schedule C – Branding Guidelines
(No changes from previous version.)
This Schedule C forms part of the DataSapien Enterprise SaaS Terms of Service and governs the permitted use of the DataSapien brand, including its logos, SDK attribution, and the optional “DataSapien Inside” trustmark.
1. Licensing & Scope of Use
You are granted a limited, non-exclusive, revocable license to use DataSapien brand assets under the following conditions:
Tier 1: Pre-Approved Use (No Approval Needed) — You may use brand assets for the standard uses listed in Section 2, provided you adhere to these guidelines.
Tier 2: Custom Use (Approval Required) — All other uses, including public press releases, joint marketing campaigns, advertisements, and case studies, require prior written approval from DataSapien.
2. Pre-Approved Uses
The following uses do not require prior approval if brand assets are used unaltered and within the styling rules defined in Section 4:
- In-app or on-device attribution (e.g. “Powered by DataSapien” or “DataSapien Inside”)
- References in user-facing help documentation or privacy notices
- Internal stakeholder or B2B client presentations
- Trust-building UX elements (e.g. privacy settings screens, onboarding flows)
These uses must not suggest partnership, endorsement, or certification unless explicitly approved.
3. Prohibited Uses
You may not:
- Alter, distort, animate, or modify any DataSapien logo or wordmark
- Use the brand in your company name, product name, or domain
- Imply endorsement, certification, or official partnership without written agreement
- Display brand assets alongside illegal, misleading, or offensive content
- Use DataSapien brand assets in any context that disparages DataSapien, its technology, or its services
4. Visual & Technical Guidelines
All brand assets must:
- Maintain minimum clear space equal to 1× the height of the logo
- Use approved versions (no cropping, color inversion, or overlay effects)
- Follow the color and sizing rules defined at our Brand Resource Center
You can find logos, icons, and implementation guides at: datasapien.com/brand-resources
5. Messaging & Attribution
5.1 Pre-Approved Messaging
You may use the following approved phrases in your UI, documentation, or marketing assets:
- “Powered by DataSapien”
- “Private Personalisation by DataSapien SDK”
- “User data protected with DataSapien Inside”
- “Privacy-enhanced by DataSapien”
- “On-device intelligence enabled by DataSapien”
You may not imply that DataSapien is responsible for your end-user data practices, unless your implementation has been reviewed and approved.
6. Co-Branded Campaigns & Approvals
If you wish to use brand assets in a joint go-to-market campaign, press release, customer case study, or advertising collateral, you must request approval via design@datasapien.com.
Requests should include a mockup or example of the proposed use and be submitted at least 10 business days before planned publication.
7. Termination & Revocation
All rights to use DataSapien branding terminate immediately upon:
- Expiry or termination of your Agreement
- Breach of these guidelines
- Written revocation of permission by DataSapien
Upon termination, you must remove or disable all brand references within 7 days.
Schedule D – Acceptable Use Policy (AUP)
(No changes from previous version.)
This Acceptable Use Policy (“AUP”) forms part of the DataSapien Enterprise SaaS Terms of Service (“Agreement”) between DataSapien Limited (“DataSapien”) and the Customer.
By accessing or using the Software, SDKs, APIs, or services, you agree to comply with this AUP.
1. Prohibited Conduct
You may not use the Software or related services to:
1.1 Illegal or Harmful Activity
- Transmit or store material that is illegal, defamatory, deceptive, or otherwise unlawful
- Publish or disseminate content that constitutes hate speech, harassment, misinformation, or incites or promotes violence
- Engage in or facilitate phishing, spamming, or the distribution of unsolicited bulk messages
- Promote or support malware, ransomware, or other malicious code
1.2 Security Violations
- Attempt to gain unauthorized access to any DataSapien or third-party system, network, or data
- Probe, scan, or test for vulnerabilities without explicit written permission
- Bypass, disable, or interfere with authentication, access controls, or licensing mechanisms
1.3 Interference with Service
- Disrupt, degrade, or overload platform performance
- Launch denial-of-service (DoS) or similar disruptive attacks
- Use automated systems (bots, scripts) to mine, scrape, or stress-test platform APIs
2. SDK-Specific Restrictions
You may not:
- Reverse engineer, decompile, or disassemble the SDK
- Attempt to activate SDKs without valid activation keys issued by DataSapien
- Redistribute SDKs to third parties without prior written consent (see Master Agreement §6.3)
- Use SDKs outside their licensed device or agreed usage scope
3. Data Misuse
You are solely responsible for your relationship with your end-users. This includes providing clear, transparent notice and obtaining all necessary rights and consents for the data you process using the Software.
You may not:
- Collect, process, or share personal data without a lawful basis or valid consent
- Mislead users about what data is being used or shared
- Circumvent or modify SDK defaults to extract personal insights without opt-in
- Attempt to bypass the Zero-Shared Data model or simulate platform impersonation
4. Brand & Platform Integrity
You may not:
- Misrepresent your use of the Software, including falsely implying affiliation, partnership, or certification by DataSapien
- Remove, alter, or obscure legal notices, attribution marks, or licensing information
- Use the Software to build or support a competing product
- Conduct any performance, vulnerability, or benchmark testing, or publish any analysis or comparison of the Software without prior written consent from DataSapien
5. Enforcement & Consequences
DataSapien may suspend or terminate your account or specific components thereof, without notice, if:
- This AUP is violated
- There is a credible security or legal risk
- Your use threatens the reliability or integrity of the platform
Where appropriate, DataSapien will provide notice and an opportunity to cure violations, unless immediate action is necessary to protect systems or comply with law.
6. Reporting Violations
To report misuse or suspected violations of this AUP, please contact: DPO@datasapien.com
7. Updates
This AUP may be updated periodically. Material changes will be communicated through your registered account or displayed on our website.
Schedule E – Data Processing Addendum (DPA)
(No changes from previous version.)
This Data Processing Addendum (“DPA”) forms part of the DataSapien Enterprise SaaS Terms of Service (“Agreement”) between DataSapien Limited and the Customer (each a “Party” and collectively, the “Parties”).
This DPA applies only where DataSapien processes personal data on behalf of the Customer under the Agreement, in accordance with the UK GDPR, EU GDPR, or similar data protection laws.
1. Definitions
Controller: The Customer, determining the purposes and means of processing personal data.
Processor: DataSapien, acting on behalf of the Customer in processing personal data.
Personal Data, Data Subject, Processing, and other capitalised terms shall have the meanings given in GDPR.
2. Roles & Scope
DataSapien acts as a processor only for:
- Account-level data (e.g. admin user names, emails, billing contact information, and system logs)
- Metadata related to the Customer’s use of the Software
DataSapien does not process personal data generated through SDK deployment unless explicitly configured by the Customer and agreed in writing.
3. Customer Responsibilities
The Customer:
- Acts as a data controller
- Confirms it has a lawful basis to collect and share personal data
- Is solely responsible for end-user disclosures and obtaining consent where required
4. Processor Obligations
DataSapien agrees to:
- Process personal data only on documented instructions from the Customer (including via Agreement and configuration)
- Ensure personnel are subject to confidentiality obligations
- Implement and maintain appropriate technical and organisational measures (see Section 7)
- Provide assistance to the Customer in:
  - Responding to data subject rights requests
  - Reporting data breaches
  - Data protection impact assessments, where required
- Delete or return personal data upon termination of the Agreement, at Customer’s request
5. Subprocessors
5.1 Appointment
DataSapien uses certain subprocessors for hosting and system delivery. These are listed in the DataSapien Privacy Policy.
5.2 Notification & Objection
- DataSapien will notify the Customer 30 days before adding a new subprocessor
- The Customer may object on reasonable data protection grounds
- If unresolved, the Customer may terminate the impacted services
6. International Transfers
Where personal data is transferred outside the UK/EEA:
- Transfers will be subject to the Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO
- DataSapien will implement supplementary safeguards (e.g. encryption, access controls)
7. Security Measures
DataSapien maintains security measures appropriate to the risk, including:
- Encryption at rest and in transit
- Role-based access control
- Regular penetration testing
- Secure development practices
- SOC 2 Type II and ISO 27001-aligned procedures
Details are available under NDA upon written request.
8. Personal Data Breaches
In the event of a confirmed breach affecting Customer personal data:
- DataSapien will notify the Customer without undue delay, and in any case within 48 hours
- The notice will include a description of:
  - The nature and impact of the breach
  - Measures taken or proposed
  - Contact details for further inquiries
9. Audit & Information Access
- DataSapien will provide documentation necessary to demonstrate compliance with this DPA
- Upon reasonable written request and subject to confidentiality, the Customer may:
  - Receive security audit reports (e.g. SOC 2)
  - Conduct an on-site or third-party audit (max. once per year), at Customer’s cost
10. Duration
This DPA remains in effect for as long as DataSapien processes personal data on behalf of the Customer under the Agreement.
11. Precedence
In the event of a conflict between this DPA and the Agreement, the DPA shall prevail to the extent of such conflict.
12. Contact
Questions or concerns related to this DPA may be directed to:
Data Protection Officer
DataSapien Limited
Email: DPO@datasapien.com
Annex 1: Details of Processing
| Field | Detail |
|---|---|
| Subject Matter | Provision of access and support services to Customer |
| Duration of Processing | For the term of the Agreement |
| Nature of Processing | Hosting, support, billing, diagnostics |
| Categories of Data | Account Data: name, email, billing contact info |
| Data Subjects | Customer staff and administrators |
