Data Processing Addendum (DPA)

This Data Processing Addendum (“DPA”) forms part of the agreement between you (“Customer”, “Controller”) and Howsit AI (“Processor”) and describes how personal data is processed when using the Howsit AI platform and services (collectively, the “Service”).

By using the Service, you agree to the terms of this DPA.

1. Definitions

In this DPA:

“Controller” means the entity determining the purposes and means of processing personal data.
“Processor” means Howsit AI, which processes personal data on behalf of the Controller.
“Personal Data” means any information relating to an identified or identifiable natural person.
“Data Subject” means an identified or identifiable person whose Personal Data is processed.
“Processing” means any operation performed on Personal Data (collection, storage, retrieval, use, disclosure, erasure).

2. Roles and Scope

The parties acknowledge that:

The Customer is the Controller of Personal Data uploaded to Howsit AI by the Customer or end users.
Howsit AI acts as a Processor and only processes Personal Data on documented instructions from the Controller.
This DPA applies to all Personal Data processed on behalf of the Customer in the provision of the Service.

3. Processing Activities

Howsit AI may process Personal Data for the following purposes:

User account setup and authentication
Provision of AI automation and conversational workflows
Customer support and troubleshooting
Billing and subscription management
Analytics and service improvements
Compliance with legal obligations

Processing is limited to what is necessary to provide the Service and as instructed by the Controller.

4. Customer Instructions

The Customer authorises Howsit AI to:

Collect and process Personal Data necessary for the Service
Transfer data to third-party providers (e.g., cloud hosts, integrations)
Retain, store, and use data in accordance with the Privacy Policy

Howsit AI will process Personal Data only in accordance with the Customer’s documented instructions unless required by law to process otherwise.

5. Security Measures

Howsit AI implements appropriate technical and organisational measures to protect Personal Data against:

Unauthorised access
Accidental loss, alteration, or destruction
Disclosure or misuse

These measures include, but are not limited to:

Encryption of data in transit and at rest
Access controls and role-based permissions
Security monitoring and threat detection
Regular backups and disaster recovery processes

Further detail is provided in our Security Policy.

6. Sub-Processors

Howsit AI may engage third-party service providers (“Sub-Processors”) to support the delivery of the Service, including:

Cloud hosting providers
Analytics and monitoring tools
Payment processors
Integration partners

Howsit AI will ensure that Sub-Processors are bound by written contracts with data protection obligations consistent with this DPA.

A current list of Sub-Processors is available on request.

7. Data Transfers

Howsit AI may transfer Personal Data to countries outside the Customer’s jurisdiction, including to data centres and service providers abroad.

Where required by law (e.g., GDPR/POPIA), Howsit AI will implement appropriate safeguards for international transfers, such as:

Standard contractual clauses
Binding corporate rules
Adequacy decisions where applicable

8. Data Subject Rights

To the extent applicable under law, Howsit AI will assist the Customer in responding to Data Subject requests to:

Access their Personal Data
Rectify inaccurate information
Erase or restrict processing
Withdraw consent where required
Object to processing

Requests from Data Subjects related to Personal Data controlled by the Customer should be directed to the Customer.

9. Breach Notification

In the event of a confirmed Personal Data breach, Howsit AI will:

Notify the Customer without undue delay
Provide details of the breach and affected data
Support the Customer’s regulatory or Data Subject notifications
Cooperate in incident investigation and remediation

10. Data Retention & Deletion

Howsit AI will retain Personal Data only as necessary:

To provide the Service
To comply with legal obligations
Per the Customer’s retention instructions

Upon request, Howsit AI will delete Personal Data in accordance with the Customer’s instructions and applicable law.

11. Audit and Compliance

Upon reasonable notice, Howsit AI will:

Provide information necessary to demonstrate compliance with this DPA
Allow audits or inspections by the Customer or its authorised representatives, subject to confidentiality protections

Costs associated with audits initiated by the Customer are the responsibility of the Customer.

12. Governing Law

This DPA is governed by the same law specified in the primary agreement between the parties, which may include:

Republic of South Africa law (POPIA compliance)
EU law where applicable (GDPR)

13. Changes to the DPA

Howsit AI may revise this DPA to reflect changes in law or service practices. The updated DPA will be published on our website.

Continued use of the Service after changes constitutes acceptance of the revised DPA.

14. Contact Information

For questions about this Data Processing Addendum, please contact:

Howsit AI
Website: https://howsit.ai
Email: info@howsit.ai
Address: 1 Bridgeway Road, Bridgeways Precinct, Century City, Cape Town, 7441

AI Whatsapp Agents

AI Instagram Agents

AI Facebook Agents

AI Website Agents

AI Shopify Agents

AI WooCommerce Agents

Integrations

Key Features

Analytics & Reporting

Marketing Automation

Appointment Bookings

Medical & Healthcare

Retail & Commerce

Online & Ecommerce

Learning & Education

Finance

Travel & Hospitality