Data Processing Agreement
Outlining the technical and organizational measures for Data Controllers.
This Data Processing Agreement ("DPA") supplements the Terms of Service. It outlines the obligations and guidelines related to the processing of personal data on behalf of our customers (the "Data Controller") by OneScript (the "Data Processor").
By using our services, specifically passing customer prompts and documents to train intelligent chatbots, you acknowledge this agreement.
Nature and Purpose of Processing: We process data solely to provide conversational AI capabilities to your end-users, indexing your documentation, and generating intelligent answers.
Types of Personal Data: Depending on how your users interact with the chat widget, data processed may include IP addresses, browser information, email addresses (if requested during chat execution), and text messages inputted by the end-user.
To provide the core functionalities of OneScript, we engage the following sub-processors:
| Entity Name | Role | Location |
|---|---|---|
| Vercel Inc. | Cloud Hosting & Edge Compute | Global (US Primary) |
| Supabase Inc. | Database & Storage (PostgreSQL) | US / EU |
| Google LLC (Gemini API) | LLM Infrastructure & Embeddings | US / Global |
| Dodo Payments | Payment Processing | US |
| Apify Technologies | Web Scraping & Crawling | EU (Czech Republic) |
| Resend Inc. | Transactional Email Delivery | US |
We maintain industry-standard security practices, including data encryption in transit (TLS) and at rest (AES-256), strict access controls based on the principle of least privilege, and regular security audits.
Request a Signed DPA
If your organization requires a countersigned DPA for compliance purposes, please email us:
support@onescript.xyz