AUTOBIZ
FeaturesPricingDocsBlogContact
Log InStart for Free

Data Processing Agreement

Last updated: April 2026

1. Scope

This Data Processing Agreement ("DPA") applies to the processing of personal data by AUTOBIZ on behalf of the business ("Data Controller") when using the AUTOBIZ platform. This DPA supplements our Terms of Service and Privacy Policy.

2. Definitions

  • Data Controller: The business that uses AUTOBIZ to manage customer conversations
  • Data Processor: AUTOBIZ, which processes data on behalf of the Data Controller
  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data

3. Data Processing Scope

AUTOBIZ processes the following categories of personal data on behalf of the Data Controller:

  • Customer names and phone numbers (from WhatsApp conversations)
  • Message content and conversation history
  • Order and appointment data
  • Media files shared in conversations

4. Processing Obligations

As Data Processor, AUTOBIZ shall:

  • Process personal data only on documented instructions from the Data Controller
  • Ensure that persons authorized to process the data are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Not engage another processor without prior authorization of the Data Controller
  • Assist the Data Controller in fulfilling data subject rights requests
  • Delete or return all personal data upon termination of service
  • Make available all information necessary to demonstrate compliance

5. Security Measures

AUTOBIZ implements the following security measures:

  • Encryption of data at rest and in transit (AES-256-GCM, TLS)
  • Multi-tenant data isolation
  • Access control and authentication mechanisms
  • Regular security assessments and monitoring
  • Incident response procedures
  • Data backup and recovery capabilities

6. Data Breach Notification

In the event of a personal data breach, AUTOBIZ shall notify the Data Controller without undue delay and no later than 72 hours after becoming aware of the breach. The notification will include the nature of the breach, categories of data affected, and measures taken to address it.

7. Sub-processors

AUTOBIZ uses the following categories of sub-processors:

  • Cloud infrastructure providers (hosting and database services)
  • AI model providers (for generating conversational responses)
  • Messaging platform APIs (WhatsApp Cloud API via Meta)

8. Contact

For DPA-related inquiries, contact support@autobiz.lk.