By using the Minami Services, you agrees to this DPA. If you do not agree, you must not provide Personal Data to Minami AI or use the Minami Services.
This Data Processing Addendum (“DPA”) forms part of the Terms of Service Agreement (“Agreement”) between Minami AI Inc. (“Minami AI,” “we,” “us,” or “our”), a Delaware corporation, and the Customer (as defined in the Agreement). This DPA governs the processing of Personal Data by Minami AI on behalf of Customer in connection with the provision of Minami AI’s cloud-based AI support agent services (the “Services”).
This DPA applies when Minami AI processes Personal Data as a processor (under GDPR) or service provider (under CCPA/CPRA and other U.S. state privacy laws) on behalf of Customer, who acts as the controller or business. Capitalized terms not defined herein have the meanings set forth in the Agreement or applicable data protection laws.
Controller: The entity that determines the purposes and means of processing Personal Data, as defined under applicable data protection laws (e.g., GDPR, CCPA/CPRA).
Data Subject: An individual whose Personal Data is processed.
Personal Data: Any information relating to an identified or identifiable individual, as defined under applicable data protection laws, that Minami AI processes on behalf of Customer as part of the Services (e.g., names, email addresses, or other Customer Data containing personal information).
Processing: Any operation performed on Personal Data, such as collection, storage, use, disclosure, or deletion.
Processor: An entity that processes Personal Data on behalf of a Controller, as defined under GDPR.
Service Provider: An entity that processes Personal Data on behalf of a business, as defined under CCPA/CPRA.
Subprocessor: A third party engaged by Minami AI to process Personal Data on behalf of Customer.
Applicable Data Protection Laws: Laws and regulations applicable to the processing of Personal Data, including but not limited to:
The General Data Protection Regulation (EU) 2016/679 (“GDPR”).
The UK GDPR and Data Protection Act 2018.
The California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA).
Other U.S. state privacy laws (e.g., Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Virginia Consumer Data Protection Act).
Other applicable international data protection laws.
Roles: Customer is the Controller (or business) and determines the purposes and means of processing Personal Data. Minami AI is the Processor (or Service Provider) and processes Personal Data solely on Customer’s instructions as set forth in this DPA and the Agreement.
Scope: This DPA applies to all Personal Data processed by Minami AI in providing the Services, including Personal Data within Customer Data (as defined in the Agreement).
Compliance: Each party will comply with its obligations under Applicable Data Protection Laws. Customer warrants that it has the legal basis (e.g., consent, contract, legitimate interests) to provide Personal Data to Minami AI for processing.
Minami AI will process Personal Data only in accordance with Customer’s documented instructions, as set forth in this DPA, the Agreement, or other written instructions provided by Customer, unless required otherwise by Applicable Data Protection Laws. Customer’s instructions must comply with Applicable Data Protection Laws. If Minami AI believes an instruction violates such laws, it will notify Customer promptly.
Subject Matter: Processing of Personal Data to provide the Services, including AI-driven customer support and related functionalities.
Duration: Personal Data will be processed for the Term of the Agreement and up to 45 days post-termination, as specified in Section 8.2 of the Agreement, unless otherwise required by law.
Nature and Purpose: To enable Customer to use the Services for AI-supported customer service, including data storage, analysis, and response generation.
Types of Personal Data: May include names, email addresses, phone numbers, IP addresses, customer support interactions, and other data provided by Customer or its End-Users.
Categories of Data Subjects: Customer’s employees, Agents, End-Users (e.g., customers or consumers), and other individuals whose Personal Data is included in Customer Data.
Frequency: Continuous processing as required to provide the Services during the Term.
Customer represents and warrants that:
It has all necessary rights, consents, or legal bases to provide Personal Data to Minami AI.
The Personal Data does not include sensitive information (e.g., protected health information under HIPAA) unless expressly agreed in writing.
It will comply with Applicable Data Protection Laws in its instructions to Minami AI.
Minami AI will ensure that personnel authorized to process Personal Data are bound by confidentiality obligations.
Minami AI will implement appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and accidental loss, destruction, or damage, including:
Encryption of data in transit and at rest, where feasible.
Access controls to limit processing to authorized personnel.
Regular security audits and vulnerability assessments.
Incident response procedures to address data breaches.
Minami AI will, to the extent feasible, assist Customer in responding to Data Subject requests to exercise their rights (e.g., access, deletion, correction) under Applicable Data Protection Laws. Customer must notify Minami AI of such requests at privacy@minami.ai, and Minami AI will respond within a reasonable timeframe, subject to verification of the request.
If Minami AI becomes aware of a Personal Data breach, it will notify Customer without undue delay and provide details of the breach, including its likely impact and proposed mitigation measures, to enable Customer to meet its notification obligations under Applicable Data Protection Laws.
Minami AI will assist Customer, upon request, with data protection impact assessments and prior consultations with supervisory authorities, as required by GDPR or other Applicable Data Protection Laws, to the extent related to Minami AI’s processing activities.
Upon termination or expiration of the Agreement, Minami AI will, at Customer’s option, delete or return all Personal Data within 45 days, as specified in Section 8.2 of the Agreement, unless retention is required by Applicable Data Protection Laws. Minami AI may retain anonymized or aggregated data, as permitted by law and the Agreement.
Customer generally authorizes Minami AI to engage Subprocessors to process Personal Data, provided they are bound by data protection obligations at least as protective as those in this DPA.
Minami AI will maintain an up-to-date list of Subprocessors at https://minami.ai/subprocessors. Customer may subscribe to notifications of changes to this list by emailing privacy@minami.ai.
Customer may object to a new Subprocessor within 14 days of notification by emailing privacy@minami.ai with a reasoned objection. If the parties cannot resolve the objection, Customer may terminate the Agreement with 30 days’ written notice, as per Section 7.5 of the Agreement, and receive a refund for prepaid fees for unprovided Services.
Minami AI will ensure Subprocessors comply with Applicable Data Protection Laws and will remain liable for their performance to the same extent as for its own actions.
Minami AI, as a Delaware-based company, may transfer Personal Data to the United States or other countries that may not provide the same level of data protection as Customer’s jurisdiction.
For transfers from the EEA, UK, or Switzerland, Minami AI will use safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission or other mechanisms compliant with GDPR. Details of transfer mechanisms are available upon request at privacy@minami.ai.
Minami AI will ensure that Subprocessors involved in international transfers comply with applicable transfer safeguards.
Subject to confidentiality obligations, Minami AI will make available to Customer information necessary to demonstrate compliance with this DPA and Applicable Data Protection Laws. Customer may conduct an audit, at its expense, no more than once per year, upon 30 days’ written notice to privacy@minami.ai.
Audits will be conducted during regular business hours, with minimal disruption to Minami AI’s operations. Customer may use a third-party auditor bound by confidentiality obligations, subject to Minami AI’s approval (not to be unreasonably withheld).
Minami AI will cooperate with reasonable audit requests and address any non-compliance identified, providing a remediation plan if necessary.
For purposes of CCPA/CPRA and other applicable U.S. state privacy laws, Minami AI acts as a Service Provider and will:
Process Personal Data only for the business purposes specified in the Agreement and this DPA.
Not sell or share Personal Data for cross-context behavioral advertising.
Not retain, use, or disclose Personal Data outside the direct business relationship with Customer, except as permitted by law.
Minami AI will assist Customer in complying with U.S. state privacy law obligations, including responding to consumer requests, to the extent feasible and upon Customer’s request.
Minami AI’s liability for breaches of this DPA is subject to the limitations in Section 10 of the Agreement, except where higher liability is required by Applicable Data Protection Laws (e.g., GDPR Article 82). In such cases, liability for unauthorized Personal Data disclosures is capped at twice the fees paid by Customer in the 12 months prior to the claim, as per Section 10.3 of the Agreement.
This DPA is incorporated into and forms part of the Agreement. In case of conflict between this DPA and the Agreement, this DPA prevails with respect to Personal Data processing.
Minami AI may amend this DPA with 30 days’ notice to Customer via email or the Services. Continued use of the Services constitutes acceptance of the amended DPA.
This DPA is governed by Delaware law, consistent with Section 13.8 of the Agreement, subject to mandatory requirements of Applicable Data Protection Laws.
Disputes under this DPA will be resolved through binding arbitration, as per Section 13.9 of the Agreement.
For questions or notices regarding this DPA, contact:
Email: privacy@minami.ai
Subject Matter: Processing of Personal Data to provide AI-driven customer support services.
Duration: Throughout the Term and up to 45 days post-termination, unless otherwise required by law.
Nature and Purpose: To enable Customer to use the Services for automated customer support, including data storage, analysis, and response generation.
Types of Personal Data: Names, email addresses, phone numbers, IP addresses, customer support interactions, and other data in Customer Data.
Categories of Data Subjects: Customer’s employees, Agents, End-Users, and other individuals whose data is provided.
Customer Obligations: Ensure lawful provision of Personal Data, obtain necessary consents, and comply with Applicable Data Protection Laws.
Minami AI implements the following measures, at a minimum:
Encryption: Data encrypted in transit (e.g., TLS) and at rest (e.g., AES-256).
Access Controls: Role-based access limited to authorized personnel.
Audits: Regular security assessments and penetration testing.
Incident Response: Procedures for detecting, reporting, and mitigating data breaches.
Employee Training: Regular training on data protection and security practices.
**
Minami is available with zero setup
No integrations. No workflows. No dev time. Just power up Minami and let your AI agent cut refunds, manual labor, and losses