Book a Demo
Legal

GDPR & Data Processing Addendum

Last updated: 31 May 2026

This Data Processing Addendum (“DPA”) describes how MaxMySales processes personal data on behalf of its customers and reflects our commitments under the EU General Data Protection Regulation (GDPR) and comparable laws, alongside India’s Digital Personal Data Protection framework.

1. Roles of the parties

For personal data that a customer submits or processes through the MaxMySales platform (“Customer Data”), the customer is the data controller and MaxMySales is the data processor, acting on the customer’s documented instructions. For data we collect about our own website visitors and account holders, MaxMySales is the controller (see our Privacy Policy).

2. Subject matter & duration

We process Customer Data for the duration of the customer’s subscription, plus any retention period required to provide the service or comply with law. Processing covers the provision of WhatsApp messaging, AI chatbot, AI voice calling, team inbox and related features.

3. Nature & purpose of processing

  • Sending and receiving WhatsApp, SMS, RCS, email and voice communications initiated by the customer;
  • Storing contacts, conversations, templates and campaign analytics;
  • Operating AI chatbots and AI voice agents configured by the customer;
  • Providing support, security, billing and service improvements.

4. Categories of data & data subjects

Data subjects include the customer’s end-customers, leads and contacts. Categories may include identifiers (name, phone number, email), message content, call recordings/transcripts where enabled, and usage metadata. Customers should avoid sending special-category data unless lawful and necessary.

5. Sub-processors

We use vetted sub-processors to deliver the service, including cloud hosting (Google Cloud), messaging infrastructure (Meta/WhatsApp Business Platform), and AI voice providers. Each sub-processor is bound by data-protection terms consistent with this DPA. A current list is available on request, and we will give notice of material changes.

6. Security measures

  • Encryption in transit (TLS) and at rest for stored data;
  • Role-based access control and least-privilege administration;
  • Network controls, logging and monitoring;
  • Regular backups and access reviews.

See our Security Policy for more detail.

7. International transfers

Where personal data is transferred outside the EEA/UK or India, we rely on appropriate safeguards such as Standard Contractual Clauses and equivalent mechanisms, together with supplementary measures where required.

8. Data-subject rights

We assist customers in responding to requests from data subjects to access, correct, delete, restrict, port or object to the processing of their personal data. Individuals can also request deletion via our Data Deletion page.

9. Data breach notification

We maintain procedures to detect and respond to personal-data breaches and will notify affected customers without undue delay after becoming aware of a breach involving their Customer Data, with information reasonably available to us.

10. Return & deletion of data

On termination, and on request, we will delete or return Customer Data within a reasonable period, subject to legal retention obligations.

11. Contact & how to sign a DPA

To request a countersigned DPA or to exercise rights under this addendum, email sales@maxmysales.com.

Maxy
Online · MaxMySales Assistant
👋 Hi there! I'm Maxy, your MaxMySales companion. Ask me anything or say hello to get started!
Powered by MaxMySales · AI Companion
Book DemoWhatsApp