1. Purpose

This DataProcessing Agreement (DPA) is an addendum to the Voxr Licensee Terms andConditions and applies when Voxr processes personal data on behalf of theLicensee. It ensures compliance with applicable data protection laws, includingthe General Data Protection Regulation (GDPR), the California Consumer PrivacyAct (CCPA), and similar frameworks.

‍

2. Definitions

1. Data Controller: The Licensee, which determines     the purposes and means of processing personal data.
2. Data Processor: Voxr AI Corp, which processes     data on behalf of the Controler.
3. ‍Personal Data: Any information relating to an     identified or identifiable individual, including names, contact details,     audio recordings, IP addresses, and user metadata. ‍
4. Processing: Any operation performed on     personal data, including collection, storage, use, disclosure, and     deletion.

‍

3. Scope and Processing Details

1. Voxr shall process personal data     only on documented instructions from the Licensee and only as necessary to     provide its services.
2. Data will be processed within     infrastructure hosted on secure, U.S.-based servers using third-party     cloud providers such as AWS, Azure, or GCP.
3. Voxr will implement appropriate     technical and organizational measures to protect personal data against     unauthorized or unlawful processing, loss, destruction, or damage.

4. Data Subject Rights

1. The Licensee is responsible for     fulfilling data subject rights under applicable laws (e.g., access,     deletion, correction, and portability requests).
2. If Voxr receives such a request     directly, it will promptly forward it to the Licensee and provide     reasonable assistance as required.

5. Confidentiality and Sub-Processing

1. Voxr personnel and authorized     subcontractors are bound by confidentiality agreements.
2. Voxr may use subprocessors (e.g.,     cloud hosting providers). A list shall be made available upon request.     Licensee will be notified of changes and may object within ten (10)     business days on legitimate data protection grounds.

6. Data Breach Notification

1. Voxr will notify the Licensee     within 48 hours of discovering a breach involving personal data.
2. The notification will include a     summary of the breach, affected data, remediation steps, and any     regulatory notifications required.

7. Cross-Border Transfers

• If data is transferred outside the U.S. or EU, Voxr shall ensure that lawful transfer mechanisms (such as Standard Contractual Clauses) are in place.
• ‍

8. Data Retention and Deletion

1. Upon termination of services,     Voxr shall delete or return personal data upon the Licensee’s written     request, unless legally required to retain it.
2. Any deletion requests must be     verified and comply with security procedures.

9. Liability and Indemnification

1. Each Party shall be individually     responsible for complying with applicable data protection laws.
2. Each Party shall indemnify and hold the other harmless for any loss, claim, or penalty resulting from its own non-compliance with applicable privacy laws.

10. Governing Law and Jurisdiction

This DPA is governed by the laws of the State of Delaware, with disputes subject to the arbitration terms set forth in the main Agreement.

‍