Last Updated: November 29, 2025
This Data Processing Addendum (DPA) forms part of the agreement between Novalistic.ai and the Customer for the provision of AI chatbot services. This DPA governs the processing of personal data in accordance with applicable data protection laws, including GDPR.
Controller means the entity that determines the purposes and means of processing personal data. Processor means the entity that processes personal data on behalf of the Controller. Personal Data means any information relating to an identified or identifiable natural person. Data Subject means the individual to whom personal data relates.
Novalistic.ai acts as a Processor when processing personal data on behalf of the Customer (Controller) through our AI chatbot services. We process personal data only in accordance with documented instructions from the Customer.
We process personal data including but not limited to: names, email addresses, conversation data, usage information, and technical data. The purpose of processing is to provide AI chatbot services, improve service quality, and provide customer support.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption of data in transit and at rest, access controls, regular security assessments, and staff training on data protection.
We may engage sub-processors to assist in providing our services. We maintain a list of authorized sub-processors and will inform customers of any changes. All sub-processors are bound by data protection obligations equivalent to those in this DPA.
We will assist the Customer in responding to requests from data subjects exercising their rights under applicable data protection laws, including rights of access, rectification, erasure, restriction, portability, and objection.
In the event of a personal data breach, we will notify the Customer without undue delay and provide sufficient information to allow the Customer to meet any obligations to report or inform data subjects of the breach.
We will delete or return all personal data to the Customer upon termination of services, unless required by law to retain certain data. Customers may request data deletion at any time during the service period.
We will make available to the Customer information necessary to demonstrate compliance with this DPA and allow for audits and inspections conducted by the Customer or an authorized auditor.
Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
For questions about data processing, please contact our Data Protection Officer at:
Email: info@novalistic.ai
Phone: +1-706-714-5143