Data Processing Agreement

Last updated: May 22, 2026

1. Roles

Customer is the Data Controller. ReplyMaya is the Data Processor for personal data processed on Customer's behalf (call recordings, transcripts, contact data).

2. Sub-processors

• Vapi.ai — voice agent runtime
• Twilio — telephony
• ElevenLabs — voice synthesis
• Supabase (Lovable Cloud) — database & storage
• Stripe — payments

3. Security

All data is encrypted in transit (TLS 1.2+) and at rest. Row-level security enforces tenant isolation. MFA is available for all accounts.

4. Data subject rights

Customers can export or delete all stored data from Dashboard → Settings → Privacy. Requests are completed within 30 days.

5. Breach notification

ReplyMaya will notify affected customers within 72 hours of confirming a personal-data breach.

6. Contact

Data Protection Officer: contact@replymaya.com