Data Processing Addendum

Purpose

This page summarizes the data processing commitments Enck is prepared to make when we process personal data on behalf of a customer. It is intended as a practical overview and does not replace an executed agreement.

Roles of the Parties

In most product deployments, the customer is the controller or business responsible for deciding which personal data is submitted to Enck. Enck acts as a processor or service provider and processes that data only to provide the contracted services, secure the platform, and meet legal obligations.

Scope of Processing

Depending on the customer configuration, processing may include:

• Hosting, storing, organizing, and retrieving business records and workspace data.
• Processing messages, prompts, tasks, and outputs needed for AI-assisted operations workflows.
• Routing data to customer-approved integrations such as email, calendar, telephony, or billing tools.
• Maintaining logs, security events, and billing records needed to operate the service.

Confidentiality and Security

Enck limits access to customer data to personnel and providers who need that access to operate or support the service and who are bound by confidentiality obligations. We maintain technical and organizational safeguards proportionate to the nature of the service, including managed infrastructure controls, scoped credentials, and access restrictions.

Operational details are summarized on our Security page.

Subprocessors

We may use subprocessors to provide infrastructure, communications, payments, authentication, AI model access, and other product capabilities. Those providers are selected to reduce custom operational burden while maintaining production-grade controls.

Current providers are listed on the Subprocessors page.

International Data Transfers

Enck and its subprocessors may process data in multiple countries. Where a customer requires additional transfer protections, we can discuss appropriate contractual terms, including standard transfer mechanisms where relevant to the relationship.

Assistance with Rights Requests and Incidents

To the extent required by law and appropriate for the service, Enck can assist with customer requests related to access, deletion, correction, export, or incident investigation. Customers remain responsible for evaluating and responding to requests from their own users, customers, and contacts.

Deletion or Return of Data

Upon termination of the service and subject to legal, accounting, and security obligations, Enck will delete or return customer data in accordance with the applicable agreement and operational limits of the platform.

How to Request an Executed DPA

If your procurement, legal, or security team requires an executed DPA, email hello@enck.ai with your company name, billing entity, and any required form language. We will review the request and provide next steps.