DPA

Last updated: January 2026

This Data Processing Agreement (“DPA”) forms part of the agreement between FaimosAI Ltd (“Processor”) and you (“Controller”) for the use of FAImos services, where you process personal data of your customers or contacts using our platform.

1. Definitions

  • “Personal Data” means any information relating to an identified or identifiable natural person
  • “Processing” means any operation performed on Personal Data
  • “Controller” means the entity that determines the purposes and means of Processing
  • “Processor” means the entity that processes Personal Data on behalf of the Controller
  • “Sub-processor” means any third party engaged by the Processor to process Personal Data
  • “Data Subject” means an identified or identifiable natural person

2. Scope and Purpose

This DPA applies when you use FAImos to process Personal Data of your customers, contacts, or other individuals. The types of Personal Data processed may include:

  • Contact information (names, email addresses, phone numbers)
  • Business information (company names, job titles)
  • Sales data (deal values, purchase history)
  • Marketing preferences and engagement data
  • Any other data you choose to store in FAImos

3. Processor Obligations

FaimosAI Ltd as Processor agrees to:

  • Process Personal Data only on documented instructions from the Controller
  • Ensure persons authorised to process Personal Data are bound by confidentiality obligations
  • Implement appropriate technical and organisational security measures
  • Engage Sub-processors only with Controller’s prior written consent
  • Assist the Controller with Data Subject rights requests
  • Assist with security, breach notification, and impact assessments as required
  • Delete or return Personal Data upon termination of services, unless retention is required by law
  • Make available information necessary to demonstrate compliance with this DPA

4. Controller Obligations

You as Controller agree to:

  • Ensure you have a lawful basis to process Personal Data using FAImos
  • Provide clear and documented instructions to the Processor
  • Comply with all applicable data protection laws
  • Ensure Data Subjects are informed about the Processing
  • Respond to Data Subject requests within legal timeframes

5. Sub-processors

The Controller provides general authorisation for the Processor to engage the following categories of Sub-processors:

Sub-processorPurposeLocation
Replit Inc.Cloud hosting infrastructureUSA
Neon (PostgreSQL)Database servicesUSA/EU
OpenAIAI content generationUSA
Google (Gemini)AI content generationUSA/EU
AnthropicAI content generationUSA
StripePayment processingUSA/EU
SupabaseAuthentication and databaseUSA

We will notify you of any intended changes to Sub-processors, giving you the opportunity to object.

6. International Transfers

Where Personal Data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the UK ICO/EU Commission
  • Transfer Impact Assessments where required
  • Supplementary measures to address destination country risks

7. Security Measures

We implement and maintain the following security measures:

  • Encryption: Data encrypted in transit (TLS 1.2+) and at rest
  • Access Control: Role-based access, strong authentication
  • Client Isolation: Multi-tenant architecture with data separation
  • Monitoring: Logging and monitoring of access and changes
  • Backup: Regular automated backups with point-in-time recovery
  • Incident Response: Documented procedures for security incidents

8. Data Breach Notification

In the event of a Personal Data breach, we will:

  • Notify you without undue delay (within 48 hours of becoming aware)
  • Provide details of the nature of the breach
  • Describe likely consequences and measures taken/proposed
  • Cooperate with your investigation and notification obligations

9. Data Subject Rights

We will assist you in responding to Data Subject requests, including:

  • Access requests
  • Rectification requests
  • Erasure requests (“right to be forgotten”)
  • Data portability requests
  • Restriction of processing requests
  • Objection to processing

FAImos provides data export functionality to assist with these requests.

10. Audit Rights

Upon reasonable notice and subject to confidentiality obligations, you may audit our compliance with this DPA. We will provide information and access as reasonably required to verify compliance. Audits shall be conducted during normal business hours and shall not unreasonably interfere with our operations.

11. Term and Termination

This DPA remains in effect for the duration of your use of FAImos. Upon termination:

  • You may export your data before account closure
  • We will delete Personal Data within 90 days, unless retention is legally required
  • Backup copies are deleted according to our standard backup rotation schedule

12. Liability

Each party’s liability under this DPA is subject to the limitations set out in our Terms of Service. The Processor shall be liable for damages caused by Processing only where it has not complied with GDPR obligations specifically directed at Processors or has acted outside of or contrary to lawful instructions.

13. Governing Law

This DPA is governed by the laws of England and Wales. For disputes, the parties submit to the exclusive jurisdiction of the courts of England and Wales.

14. Contact

Data Protection Officer

FaimosAI Ltd

Email: hello@faimos.ai

Company Number: 17042011

Registered in England and Wales

4 Hambleden Drive, Wallingford, OX10 0PQ, United Kingdom

For questions about this DPA or to request a signed copy, please contact us.

FAImos

AI that gets you noticed

Product

Features

Pricing

Legal

Privacy Policy

Terms of Service

Cookie Policy

DPA

Company

hello@faimos.ai

support@faimos.ai

© 2026 FaimosAI Ltd. All rights reserved.

Company number: 17042011

Scroll to Top