LEGAL

LEGAL

Ajax Data Processing Addendum

Ajax Data Processing Addendum

This Data Processing Addendum (“DPA”) is incorporated into and subject to the terms of the Agreement between NapoleonScout, Inc., d/b/a Ajax and the Customer. It governs how Ajax processes Customer Data under applicable Data Protection Laws, including GDPR, CCPA, and other international privacy regulations.


1. Definitions

  • Affiliate – Any entity that controls, is controlled by, or is under common control with another entity.

  • Agreement – Ajax’s Terms of Use or other written/electronic agreements that govern the provision of the Service.

  • Customer Data – Any personal data processed by Ajax on behalf of the Customer.

  • Data Protection Laws – Includes GDPR, CCPA, CPA, CTDPA, UCPA, VCDPA, PIPEDA, LGPD, Australian Privacy Law, and other applicable regulations.

  • Security Incident – Any unauthorized breach that results in the loss, alteration, or unauthorized access to Customer Data.


2. Roles and Responsibilities

  • Ajax acts as a processor for Customer Data.

  • Ajax will process data only in accordance with:

    • Customer’s lawful instructions

    • Applicable laws

  • Customer responsibilities:

    • Ensure compliance with all Data Protection Laws

    • Provide proper notice and consent where required


3. Subprocessing

  • Ajax may engage Subprocessors to assist in fulfilling its obligations.

  • The list of authorized Subprocessors includes:

    • OpenAI

    • Anthropic

    • Google Gemini

    • Amazon Web Services

    • Vercel

    • PostHog

  • Ajax remains responsible for ensuring Subprocessors comply with data protection obligations.


4. Security and Compliance

  • Ajax implements and maintains industry-standard security measures to protect Customer Data.

  • In the event of a Security Incident:

    • Ajax will notify the Customer within 48 hours.

    • Take appropriate remediation steps.

  • Customers are responsible for:

    • Securely managing authentication credentials.

    • Ensuring secure data transmission.


5. Data Subject Rights

  • Ajax provides tools to help Customers:

    • Retrieve, correct, delete, or restrict Customer Data.

  • Customers must handle data subject requests and provide legal justification for data processing.

  • Ajax may offer additional assistance for compliance with GDPR and CCPA data rights.


6. International Data Transfers

  • Customer Data may be processed in the United States and other countries where Ajax operates.

  • For European Data Transfers – Ajax complies with Standard Contractual Clauses (SCCs).

  • For Australian Data Transfers – Compliant with Australian Privacy Law.


7. Deletion or Retention of Data

  • Upon termination of the Agreement:

    • Ajax will delete all Customer Data within 30 days.

    • Unless required by law to retain certain information.


8. Governing Law

  • The DPA is governed by the jurisdiction stated in the Customer Agreement, in compliance with applicable Data Protection Laws.