Data Processing Agreement (DPA)

This Data Processing Agreement (DPA) governs the processing of personal data by Dhruv Automates on behalf of the Client in connection with the provision of automation and data handling services.

1. Roles of the Parties

For the purposes of applicable data protection laws (such as GDPR), the Client operates as the Data Controller (the party determining the purpose and means of data processing) and Dhruv Automates acts as the Data Processor (handling data on behalf of the Controller).

2. Scope of Processing

We will only access, process, and handle your data to the extent necessary to perform the agreed-upon automation services, tests, and API integrations as documented in your project specifications.

3. Express Disclaimer of Security Liability & Credentials Handling

Dhruv Automates implements reasonable measures entirely as-is for the sole purpose of executing automation logic:

• Complete Exemption: We act solely as a conduit for automation. Under no circumstances shall Dhruv Automates be held legally or financially liable for data breaches, credential theft, server compromises, or leaks affecting the Client's data or their end-users' data.
• Client's Sole Responsibility: The Client accepts 100% full responsibility for the security posture of their applications, including providing us ONLY with least-privileged, revocable API access tokens.
• Credentials Handling: During the project, all API keys, passwords, tokens, and credentials provided by the Client are stored in secure configuration systems (encrypted at rest) and only accessed by automation scripts as required. The Client explicitly authorizes Dhruv Automates to store and use these credentials solely to execute the agreed-upon automation workflows.
• Post-Project Credential Deletion: Upon project completion, delivery of the final automation solution, or project termination, Dhruv Automates will delete all stored credentials, API keys, passwords, and authentication tokens from our systems within 5 business days. The Client is responsible for verifying credential rotation/revocation on their end. Dhruv Automates assumes no liability if the Client fails to rotate their credentials after project completion.
• No Credential Reuse or Sale: Dhruv Automates explicitly commits to NOT selling, trading, sharing, or reusing any Client credentials for any purpose beyond executing the specific automation workflows outlined in the project agreement. All credentials are treated as confidential and used solely for the Client's benefit during the active project period.
• Credential Retention for Maintenance: If the Client contracts Dhruv Automates for ongoing maintenance, support, or monitoring of their automations, the Client may authorize continued credential storage for the duration of the maintenance agreement. Any credentials stored beyond the initial project must be re-authorized in writing by the Client. Upon termination of maintenance services, all credentials will be deleted within 5 business days.

4. Indemnification

The Client agrees to fully defend, indemnify, and hold Dhruv Automates (including its owners and subcontractors) harmless against any regulatory fines, class-action lawsuits, GDPR/CCPA penalties, or legal fees arising directly or indirectly out of our handling or processing of the Client's data.

5. Breach Notification

In the event we discover a data breach that compromises Client data on systems we control, we will endeavor to notify the Client without undue delay. However, this notification obligation shall not be construed as an admission of fault, liability, or financial responsibility for the breach.

6. Subprocessors & Third-Party Risks

Automations inherently involve third-party tools. The Client acknowledges and provides absolute, unconditional authorization for us to transmit your data across Subprocessors (e.g., Zapier, Make.com, AWS, OpenAI).

Waiver: Dhruv Automates bears zero liability for how these third-party Subprocessors handle, log, train on, or leak your data. The Client is entirely responsible for reviewing the independent Terms of Service of any tool integrated into their customized automation workflow.

7. Confidentiality of Client Business Logic

During the project, Dhruv Automates may gain access to sensitive information including the Client's business processes, workflows, internal systems, integration logic, customer data structures, and proprietary automation strategies.

• Confidentiality Obligation: Dhruv Automates commits to treating all Client business logic, processes, and systems information as confidential. This information will not be shared, disclosed, or used for purposes other than executing the automation project.
• No Unauthorized Reuse: While Dhruv Automates may reuse code components and architectural patterns across projects, the Client's specific business logic, process flows, and strategic automation designs are unique to the Client and will not be reused or repurposed without explicit written permission.
• White-Label & Template Exception: This confidentiality restriction does NOT apply to pre-built automation templates, white-label products, or template-based workflows. If the Client purchases, licenses, or deploys a pre-built template or white-label product, Dhruv Automates retains full intellectual property rights and may freely modify, update, resell, and relicense the template to other clients without Client approval or permission. This exception explicitly carves out all white-label products and templates from the business logic confidentiality restriction. The Client acknowledges that they are licensing a product, not contracting for bespoke custom work, and therefore cannot claim ownership over or restrict Dhruv Automates' use of the template.
• Internal Use Only: Any business processes or internal systems information disclosed to Dhruv Automates is strictly for the purposes of building, testing, and delivering the automation. This information will not be shared with Dhruv Automates' other clients, subcontractors, or third parties.
• Exception for Necessary Subcontractors: If Dhruv Automates engages subcontractors or other service providers to assist with the project, the Client's confidential information may be shared with those parties under strict confidentiality agreements. The Client will be notified if subcontractors are involved in the project.