Data Processing Agreement (DPA)

This Agreement governs the processing of personal data in accordance with GDPR requirements.

1. Subject Matter and Duration KooAI processes personal data on behalf of the Client to provide ERP services. The duration of processing corresponds to the term of the service agreement.

2. Roles of the Parties The Client acts as the 'Data Controller' and KooAI acts as the 'Data Processor' under GDPR Article 28.

3. Processor Obligations KooAI commits to: (a) processing data only on documented instructions; (b) ensuring personnel confidentiality; (c) implementing technical and organizational measures (TOMs) as per Article 32.

4. Sub-processors KooAI uses trusted sub-processors (e.g., Supabase, Stripe) for hosting and payments. We maintain an up-to-date list and notify clients of changes.

5. Data Deletion Upon contract termination, KooAI will delete or return all personal data within 30 days, unless statutory storage obligations apply.