MAIML
Sign Up

Data Processing Agreement

GDPR-compliant agreement for processing customer data

Last updated: April 13, 2026

1. Overview

This Data Processing Agreement ("DPA") forms part of the agreement between you ("Controller") and Preferred Data Corporation ("Processor") for use of the MAIML platform. It governs the processing of personal data in connection with the services.

2. Definitions

  • Data Protection Laws: GDPR, UK GDPR, CCPA, and all applicable privacy regulations.
  • Personal Data: Information identifying natural persons under applicable laws.
  • Processing: Collection, storage, use, disclosure, and erasure operations.
  • Data Subject: Individuals to whom personal data relates.
  • Sub-processor: Third parties engaged for data processing.
  • Security Incident: Breaches causing unauthorized access, loss, or disclosure of personal data.

3. Scope of Processing

Processing occurs only for the purpose of delivering MAIML services per the Terms of Service and your instructions. Data types include contact information, account credentials, agent configurations, usage telemetry, and billing data.

4. Controller Obligations

As Controller, you must:

  • Ensure your instructions comply with data protection laws
  • Establish lawful bases for processing
  • Obtain necessary consents from data subjects
  • Warrant the accuracy of provided data

5. Processor Responsibilities

As Processor, we commit to:

  • Processing data only on your documented instructions
  • Ensuring staff are bound by confidentiality obligations
  • Implementing appropriate technical and organizational security measures, including encryption, Row Level Security, and access controls
  • Assisting with data subject rights requests (access, rectification, erasure, portability, objection)
  • Security awareness training for personnel

6. Sub-processors

We maintain a current list of sub-processors. Categories include cloud infrastructure providers, payment processors, email delivery services, and analytics tools. We will provide 30 days' notice before engaging new sub-processors. You may object to a new sub-processor within that period.

7. International Transfers

Transfers of personal data outside the EEA are conducted using Standard Contractual Clauses, adequacy decisions, or other valid legal mechanisms under applicable data protection laws.

8. Security Incidents

In the event of a security incident involving personal data, we will notify you without undue delay, and where feasible within 72 hours. Notification will include the nature of the incident, affected data, likely consequences, and remedial measures taken.

9. Audits

You may request an audit with 30 days' notice, no more than annually unless required by law or a supervisory authority. Third-party security certifications (SOC 2, ISO 27001) may be accepted as an alternative to on-site audits.

10. Data Retention and Deletion

Data is retained only as long as necessary to provide the services. Upon termination, you may choose certified deletion or data return in a standard machine-readable format. Deletion occurs within 30 days of request unless a longer retention period is legally required.

11. Liability

Liability under this DPA follows the limitations set forth in the Terms of Service. Both parties indemnify each other against claims from data subjects or supervisory authorities arising from breaches of this DPA.

12. General Provisions

Amendments to this DPA require written agreement, though we may update terms to reflect legal or regulatory changes with notice. If any provision is unenforceable, remaining terms remain in effect. This DPA prevails over the Terms of Service regarding personal data processing.

13. Contact

For data protection inquiries, contact our Data Protection Officer at dpo@maiml.com.

Preferred Data Corporation
1208 Eastchester Drive, Suite 131
High Point, NC 27265
(336) 886-3282