Azire

Legal

Data Processing Agreement

Version: 1.0-draftStatus: Draft — pending legal reviewJurisdiction: Canada (PIPEDA, Quebec Law 25)
This is a working draft. It has not yet been reviewed by Canadian privacy counsel and must not be relied upon as a final legal instrument.

1. Definitions and roles

Personal information means information about an identifiable individual, as defined under PIPEDA and Quebec Law 25. Caller datameans personal information about the Tenant’s callers, customers, and prospects that Azire processes through the Service.

The Tenant is the organization accountable for Caller data and decides the purposes and means of its processing. Azire acts as the Tenant’s service providerand processes Caller data only on the Tenant’s documented instructions and as needed to provide the Service. This DPA is the Tenant’s documented instruction.

2. Scope and purpose of processing

Subject matterProvision of the Azire AI voice-agent platform
DurationThe term of the Terms of Service, plus the return/deletion window in Section 10
Nature and purposeAI call answering, transcription, lead and booking capture, service-related follow-up messaging, CRM synchronisation, billing, security, support, and compliance operations
Types of personal informationCaller name, phone, email, service address; service-request details; call recordings, transcripts, summaries, analysis; WhatsApp/SMS content; Jobber identifiers; technical and security data
Categories of data subjectsThe Tenant's callers, customers, and prospects; the Tenant's own users

3. Azire’s obligations

  • Process Caller data only on documented Tenant instructions
  • Ensure personnel are bound by confidentiality obligations
  • Implement appropriate technical and organisational security measures
  • Assist the Tenant in fulfilling data subject rights requests
  • Notify the Tenant within 72 hours of becoming aware of a personal-information breach
  • Delete or return Caller data on Tenant request or on termination
  • Provide information necessary to demonstrate compliance with this DPA

4. Sub-processors

Azire uses the sub-processors listed at azire.ca/subprocessors. Azire will notify the Tenant of any new sub-processor additions with 30 days’ advance notice. The Tenant may object within that period.

5. Cross-border transfers

Caller data may be transferred to and processed in the United States by sub-processors. All cross-border transfers are made in accordance with PIPEDA’s accountability principle and Quebec Law 25 Article 17. The call disclosure script informs callers of cross-border processing.

6. Security

Azire implements industry-standard security measures including encryption at rest and in transit, access controls, audit logging, and regular security reviews. Details are available in the Security Policy on request.

7. Tenant’s obligations

The Tenant is responsible for: providing lawful instructions to Azire; obtaining caller consent before call recording and transcription; maintaining accurate contact information; and implementing appropriate security controls on the Tenant’s side.

8. Data subject rights

Azire will assist the Tenant in responding to data subject access, correction, deletion, and portability requests. The Tenant should submit DSAR requests through the dashboard. Azire will respond within the required regulatory timeframes.

9. Audit rights

Azire will provide the Tenant with information necessary to demonstrate compliance with this DPA. Azire may satisfy audit requests through security questionnaires, certifications, or third-party audit reports in lieu of on-site audits.

10. Contact

DPA inquiries and signed copy requests: privacy@azire.ca
Azire Technologies Inc., Canada