Data Processing Agreement

Last Updated: 6/11/2025

Data Processing Agreement

This Data Processing Agreement (“DPA”) is entered into by and between the customer entity agreeing to these terms (“Controller”) and RowebCo LLC (“Processor”, “we”, “us”, or “our”) in connection with the use of RowebAI services (“Services”), and is incorporated into the Data Processing Agreement.

1. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person as defined by applicable data protection laws.
  • Processing: Any operation performed on Personal Data, whether by automated means or not.
  • Controller: The party that determines the purposes and means of the processing of Personal Data.
  • Processor: The party that processes Personal Data on behalf of the Controller.

2. Scope of Processing

RowebCo LLC will process Personal Data solely for the purpose of providing and improving the Services, in accordance with the Controller’s instructions. We will not process Personal Data for our own purposes.

3. Controller Responsibilities

  • The Controller confirms it has the legal right to collect, use, and share Personal Data.
  • The Controller is solely responsible for obtaining all necessary consents, rights, and authorizations for the lawful processing of Personal Data under applicable laws.
  • The Controller will not instruct RowebCo LLC to process Personal Data in a manner that violates any laws or regulations.

4. Processor Obligations

  • We will implement appropriate technical and organizational measures to protect Personal Data from unauthorized or unlawful processing, loss, destruction, or damage.
  • We will ensure that personnel authorized to process Personal Data are subject to confidentiality obligations.
  • We will assist the Controller in responding to data subject requests, security incidents, or regulatory obligations to the extent required by law.

5. Subprocessors

RowebCo LLC may engage third-party subprocessors to process Personal Data as necessary to deliver the Services. We will ensure subprocessors are bound by data protection terms no less protective than those in this DPA. A list of subprocessors is available upon request.

6. International Data Transfers

Where required by applicable law, transfers of Personal Data outside of the originating jurisdiction shall be governed by appropriate safeguards, including Standard Contractual Clauses or equivalent mechanisms.

7. Data Retention and Deletion

Upon termination of the Services or at the Controller’s request, you may request to have your data deleted or return all Personal Data unless retention is required by law.

8. Limitation of Liability

To the maximum extent permitted by law, RowebCo LLC’s total liability under this DPA shall be limited to the amount paid by the Controller to us in the twelve (12) months preceding the event giving rise to the claim.

9. Indemnification

The Controller agrees to indemnify and hold harmless RowebCo LLC against all claims, losses, or damages arising out of the Controller’s failure to comply with applicable data protection laws or breach of this DPA.

10. Term and Termination

This DPA remains in effect for as long as RowebCo LLC processes Personal Data on behalf of the Controller.

11. Contact Information

For any data protection inquiries, please contact:

Last Updated: 6/11/2025