Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) forms part of and is incorporated into the VOIPx3 Terms of Service and/or applicable Service Agreement (“Agreement”) between VOIPx3, Inc. (“VOIPx3,” “Processor”) and the customer (“Customer,” “Controller”).

• Personal Data” means any information relating to an identified or identifiable individual. 
• “Processing” means any operation performed on Personal Data (e.g., collection, storage, use, transmission). 
• “Controller” means the entity that determines the purposes and means of Processing. 
• “Processor” means the entity that processes Personal Data on behalf of the Controller.

• Customer acts as the Controller 
• VOIPx3 acts as the Processor 

VOIPx3 will process Personal Data only on documented instructions from the Customer, except where required by law.

VOIPx3 processes Personal Data in connection with providing telecommunications and related services, including:

• Voice communications (call metadata, recordings where enabled) 
• SMS/MMS messaging 
• AI voice and chat interactions 
• Account and billing information 

Categories of Data May Include:

• Contact information (name, phone number, email) 
• Communication content (calls, messages, transcripts) 
• Usage and metadata (call logs, timestamps, IP addresses) 

Data Subjects May Include:

• Customer employees and users 
• End users and customers of Customer 
• Business contacts 

Customer is responsible for:

• Ensuring lawful basis for processing Personal Data 
• Providing required notices to individuals 
• Obtaining all necessary consents (e.g., SMS, call recording, AI use) 
• Complying with applicable laws (GDPR, CCPA, TCPA, etc.)

VOIPx3 agrees to:

• Process Personal Data only as instructed by Customer 
• Maintain appropriate technical and organizational safeguards 
• Ensure personnel are bound by confidentiality obligations 
• Assist Customer with compliance obligations where reasonably required

VOIPx3 implements commercially reasonable security measures, including:

• Access controls and authentication 
• Encryption in transit (where applicable) 
• Network and infrastructure protection 
• Monitoring and incident response procedures

VOIPx3 may engage third-party subprocessors (e.g., carriers, cloud providers).

VOIPx3 will:

• Ensure subprocessors are bound by data protection obligations 
• Remain responsible for their performance 

A list of subprocessors may be provided upon request.

VOIPx3 may process or transfer Personal Data outside of the Customer’s jurisdiction.

Where required, VOIPx3 will implement appropriate safeguards, such as:

• Standard Contractual Clauses (SCCs) 
• Equivalent lawful transfer mechanisms

VOIPx3 will assist Customer, where reasonably possible, in responding to:

• Access requests 
• Deletion requests 
• Correction requests 

Customer remains responsible for handling such requests.

VOIPx3 will notify Customer without undue delay upon becoming aware of a confirmed breach of Personal Data affecting Customer data.

Notification will include:

• Nature of the breach 
• Categories of affected data (if known) 
• Mitigation steps taken

VOIPx3 will retain Personal Data only as necessary to provide Services and comply with legal obligations.

Upon termination of Services, VOIPx3 will:

• Delete or return Personal Data, where feasible 
• Retain data where required by law or for legitimate business purposes

Upon reasonable request, VOIPx3 may provide information necessary to demonstrate compliance with this DPA.

Customer agrees not to conduct audits that:

• Disrupt VOIPx3 operations 
• Require access to confidential systems or other customers’ data

This DPA is subject to the limitations of liability set forth in the applicable Agreement.

This DPA is governed by the laws of the State of Texas, unless otherwise required by applicable data protection laws.

In the event of a conflict:

1. This DPA 
2. Terms of Service / Service Agreement 
3. Other policies