Data Processing Agreement (DPA)
This Data Processing Agreement (“Agreement”) forms part of the Terms of Service or other written or electronic agreement
(“Principal Agreement”) between:
DS Ai Labs LLC
Gulriphshistr. 36
GE-0101 Tbilisi, Georgia
Identification Number: 400327632
Email: davit@gobanyan.io
(“Processor”, “Banyan AI”, “we”, “us”)
and
The Customer
(“Controller”, “you”)
Together referred to as the “Parties”.
This Agreement reflects the requirements of Article 28 of the EU General Data Protection Regulation (“GDPR”) and other applicable
data protection laws.
1. Definitions
Capitalized terms not defined in this Agreement shall have the meaning set out in the Principal Agreement or under GDPR.
- “Personal Data” means any information relating to an identified or identifiable natural person processed under this Agreement.
- “Customer Personal Data” means Personal Data processed by Banyan AI on behalf of the Customer.
- “Processing” has the meaning given in Article 4(2) GDPR.
- “Sub-processor” means any third party engaged by Banyan AI to process Customer Personal Data.
2. Roles of the Parties
- The Customer acts as the Controller of Customer Personal Data.
- Banyan AI acts solely as a Processor, processing Customer Personal Data only on documented instructions from the Customer,
unless required to do otherwise by applicable law.
- Banyan AI does not determine the purposes of processing Customer Personal Data.
3. Subject Matter, Duration & Nature of Processing
3.1 Subject Matter
This Agreement governs Banyan AI’s processing of Customer Personal Data in connection with providing the Banyan AI platform and related services.
3.2 Duration
Processing will continue for the duration of the Customer’s account and until deletion is requested, as described in Section 11.
3.3 Nature and Purpose of Processing
Banyan AI processes Customer Personal Data in order to:
- Analyze revenue health and customer behavior
- Generate reports, dashboards, and insights
- Detect trends, risks, and signals related to churn, retention, and revenue performance
- Provide analytical, operational, and automation functionality requested by the Customer
Processing is strictly limited to what is necessary to deliver these services.
4. Categories of Data Subjects and Personal Data
4.1 Categories of Data Subjects
- Customer employees, contractors, or authorized users
- End customers or accounts of the Customer
4.2 Categories of Personal Data
Depending on the Customer’s configuration and connected data sources, this may include:
- Names
- Email addresses
- User identifiers
- Account and customer metadata
- Usage, interaction, and behavioral analytics data
- Revenue-related customer activity data
Banyan AI does not intentionally process special categories of Personal Data under Article 9 GDPR.
5. Customer Obligations
The Customer warrants that:
- It has a valid legal basis for processing Customer Personal Data
- It has provided all required notices to data subjects
- Its instructions comply with applicable data protection laws
The Customer is responsible for the legality of the data it provides to Banyan AI.
6. Processor Obligations
Banyan AI shall:
- Process Customer Personal Data only on documented instructions from the Customer
- Ensure personnel authorized to process Personal Data are bound by confidentiality
- Implement appropriate technical and organizational measures
- Assist the Customer with data subject requests and compliance obligations
- Notify the Customer if an instruction violates applicable law
7. Sub-processing
- The Customer grants Banyan AI general authorization to engage Sub-processors.
- A current list of Sub-processors is available at:
https://gobanyan.io/subprocessors-agreement/
- Banyan AI shall impose data protection obligations on Sub-processors that are no less protective than those in this Agreement.
- Banyan AI remains responsible for the performance of its Sub-processors.
8. Technical and Organizational Measures (TOMs)
Banyan AI implements appropriate technical and organizational measures to protect Customer Personal Data, including but not limited to:
- Access controls and least-privilege permissions
- Authentication and authorization mechanisms
- Encryption in transit (TLS) and at rest where applicable
- Network security and firewall protections
- Monitoring, logging, and anomaly detection
- Secure development practices
- Incident response and breach handling procedures
- Regular system updates and patching
These measures are designed to ensure confidentiality, integrity, availability, and resilience of processing systems.
9. Data Transfers & International Processing
- Customer data is hosted in Europe.
- Banyan AI uses third-party AI and infrastructure providers, including providers based in the United States (e.g., OpenAI, Google Gemini, Anthropic).
- Where possible, Banyan AI opts out of model training on Customer Personal Data and applies privacy-preserving configurations.
- International data transfers are safeguarded using appropriate legal mechanisms, including Standard Contractual Clauses or equivalent protections where required.
10. U.S. Privacy Laws (CCPA / CPRA)
Where applicable, Banyan AI acts as a Service Provider / Processor and:
- Does not sell or share Customer Personal Data
- Does not retain, use, or disclose Customer Personal Data for purposes other than providing the services
- Complies with applicable U.S. state privacy laws
11. Data Retention, Deletion & Return
- Banyan AI retains Customer Personal Data for as long as the Customer maintains an account.
- Upon the Customer’s request to delete their account, Banyan AI will delete Customer Personal Data without undue delay, typically within a few days.
- Data deletion includes removal from active systems, subject to limited retention required by law or backup integrity processes.
12. Data Subject Requests
Banyan AI shall assist the Customer, where applicable, in responding to:
- Access requests
- Rectification or deletion requests
- Objection or restriction requests
Assistance is provided to the extent technically feasible and legally required.
13. Personal Data Breach
Banyan AI shall notify the Customer without undue delay after becoming aware of a Personal Data Breach affecting Customer Personal Data
and provide reasonable information to support compliance with breach notification obligations.
14. Audits
Upon reasonable written notice, the Customer may audit Banyan AI’s compliance with this Agreement,
subject to confidentiality, security, and proportionality requirements.
15. Liability
Liability under this Agreement is subject to the limitations set forth in the Principal Agreement, unless otherwise required by applicable law.
16. Governing Law
This Agreement shall be governed by the law specified in the Principal Agreement, unless mandatory data protection laws require otherwise.
17. Order of Precedence
In the event of a conflict, this Agreement shall prevail with respect to data protection matters.






