Legal
Data processing addendum (DPA)
Last updated: April 2026
This page summarises the standard data processing addendum we sign with customers under GDPR Article 28. The full countersigned PDF is available on request for paid plans.
Roles
You (customer) are the data controller. CallPulse is the data processor.
Subprocessors
Storage (AWS / Azure, customer region), transcription providers, LLM providers. Current list available on request.
Security
AES-256 at rest, TLS 1.2+ in transit, tenant-isolated. Audit logs retained for 12 months. Breach notification within 72 hours of discovery.
Data subject rights
We assist controllers in responding to data subject requests for access, correction, deletion, and portability.
International transfers
Standard Contractual Clauses apply where data leaves the customer’s region. Customers on Enterprise plans may request region-locked processing.
Request the countersigned DPA
Email legal@callpulse.ai with your company name and billing contact.