Data Processing Addendum
(DPA)

Effective date: 1 April 2026
Last Updated: 4 April 2026

This Data Processing Addendum ("DPA") forms part of the agreement between Digibility ("Digibility," "Processor," "we," "our," or "us") and the customer entity or individual using Digibility’s services ("Customer" or "Controller").

This DPA applies when Digibility processes Personal Data on behalf of the Customer in connection with Digibility’s platform and related services.

1. Scope

Digibility provides software and related services for AI-assisted marketing operations, including onboarding, business/profile analysis, content planning, content creation workflows, approvals, scheduling, publishing, connected-channel management, analytics, reporting, and support.

This DPA applies only to Personal Data that Digibility processes on behalf of the Customer in delivering those services.

2. Roles of the Parties

  • The Customer is the Controller of Customer Personal Data.
  • Digibility is the Processor of Customer Personal Data.
  • Digibility may act as an independent controller for limited business operations such as billing, fraud prevention, security, legal compliance, and service communications.

3. Nature and Purpose of Processing

Digibility may process Personal Data for the following purposes:

  • creating and administering accounts and workspaces;
  • completing onboarding and business setup;
  • running AI-assisted analysis and content workflows;
  • generating, storing, reviewing, and revising content;
  • scheduling and publishing content to connected third-party platforms;
  • retrieving analytics and performance data from connected services;
  • handling support requests, notifications, and service operations;
  • maintaining, securing, and improving the service.

4. Categories of Personal Data

Depending on how the Customer uses Digibility, the Personal Data processed may include:

  • names, business names, email addresses, and account identifiers;
  • connected account metadata and identifiers;
  • authentication and integration data, including tokens where required;
  • content inputs, drafts, media, captions, hashtags, and approval data;
  • publishing and scheduling metadata;
  • analytics and reporting data returned by connected platforms;
  • support communications and troubleshooting data;
  • technical and usage data necessary to operate and secure the service.

5. Categories of Data Subjects

Data Subjects may include:

  • the Customer’s users, employees, contractors, and administrators;
  • business contacts and authorized representatives;
  • audiences or profile visitors whose data becomes available through customer-authorized integrations;
  • support requestors and communication recipients.

6. Customer Responsibilities

The Customer represents and warrants that it:

  • has all necessary rights, permissions, and lawful bases to provide Personal Data to Digibility;
  • will provide required notices and obtain required consents where applicable;
  • will use Digibility in compliance with applicable data protection law;
  • will not instruct Digibility to process Personal Data unlawfully.

7. Digibility Responsibilities

Digibility will:

  • process Personal Data only on documented instructions from the Customer, except where required by law;
  • ensure that authorized personnel are bound by confidentiality obligations;
  • maintain reasonable technical and organizational safeguards;
  • provide reasonable assistance with Data Subject requests where legally required;
  • notify the Customer without undue delay after becoming aware of a confirmed Security Incident affecting Customer Personal Data;
  • delete or return Customer Personal Data in accordance with the agreement and applicable law.

8. Security Measures

Digibility maintains reasonable safeguards designed to protect Customer Personal Data, including as appropriate:

  • access controls and role-based permissions;
  • authentication controls;
  • encryption in transit and, where appropriate, at rest;
  • logging and monitoring;
  • secure handling of connected-account credentials and tokens;
  • backup and recovery controls;
  • incident response procedures.

9. Subprocessors

The Customer authorizes Digibility to use subprocessors as reasonably necessary to provide the service, including for infrastructure hosting, databases, analytics, billing, customer communications, AI features, and support tooling.

Digibility remains responsible for its subprocessors to the extent required by applicable law.

10. International Transfers

Where Personal Data is transferred across borders, Digibility will use a lawful transfer mechanism where required under applicable law.

11. Data Subject Requests

If Digibility receives a request directly from a Data Subject relating to Customer Personal Data, Digibility may direct the request to the Customer and provide reasonable assistance where required by law.

12. Return and Deletion

Upon termination of the services, Digibility will delete or return Customer Personal Data within a commercially reasonable period, unless retention is required by law, needed for security, backup, fraud prevention, or legal claims.

13. Security Incident Notice

If Digibility becomes aware of a confirmed Security Incident affecting Customer Personal Data, Digibility will notify the Customer without undue delay and share reasonably available information about the incident.

14. Liability

This DPA is subject to the liability limitations in the main agreement, except where applicable law requires otherwise.

15. Contact

For questions about this DPA or data processing matters, contact:

Contact Person: Amit Gupta

Address: C3-503, Nyati Esteban 1, Undri, Pune 411060, Maharashtra, India

Email: info@digibility.ai