Demo
Back to home
Legal center

Data Processing Agreement

This DPA describes the customer/controller and CallGen/processor relationship for B2B workspace data.

Document info
Effective
May 28, 2026
Updated
May 28, 2026
Version
2026-05-28

Roles

For customer workspace data, the customer is generally the controller/responsible party and CallGen is generally the processor/service provider acting on customer instructions. CallGen may act as controller for account, billing, security, analytics, and direct business relationship data.

Processing instructions

CallGen processes customer data to provide the service, including AI agents, communications, storage, transcription, analysis, support, billing, security, integrations, and legal compliance.

Subprocessors

Subprocessors may include OpenAI, Twilio, Stripe, Google, Meta, ElevenLabs, Deepgram, Odoo, Cloudflare, hosting, database, observability, email, security, and infrastructure providers used to operate the service.

Security measures

CallGen maintains technical and organizational measures appropriate to the service, including access controls, HTTPS, workspace separation, logging, monitoring, backups, incident response, and secret handling.

International transfers

Customer data may be processed in countries where CallGen or subprocessors operate. CallGen will use reasonable transfer safeguards required by applicable law and contract.

Incident notification

CallGen will notify affected customers of confirmed security incidents involving customer data without undue delay after becoming aware, consistent with investigation, containment, and legal requirements.

Deletion or return

Upon termination, CallGen will delete or return customer data according to product functionality, written agreement, backup schedules, and legal, security, billing, or fraud-prevention obligations.

Confidentiality

Personnel and providers with access to customer data are subject to confidentiality obligations or equivalent professional duties.

Data subject requests

CallGen will reasonably assist customers with access, deletion, correction, opposition, portability, or similar requests where the relevant data is processed on the customer's behalf.

Reasonable audit

Customers may request reasonable compliance information. Audits must be scoped, scheduled, confidential, non-disruptive, and subject to security limitations.

This page is a product policy summary and baseline contractual notice. It should be reviewed by qualified counsel for your exact entity, jurisdiction, customer contracts, and regulated use cases.