Skip to Content
DRAFT — not legal advice. Placeholder text pending legal review. See Terms · Privacy · DPA.

Data Processing Agreement

Between [COMPANY LEGAL NAME] ("Processor") and the Customer ("Controller").

1. Roles & instructions

Where you process personal data of your users/contacts through the Service, you are the Controller and we are your Processor. We process only on your documented instructions.

2. Nature of processing

The Service interprets your users' requests against your Odoo. We transmit to the AI model only (a) the schema shape of your database and (b) the text of the request — never the values of your business records. Confirmed actions run locally in your Odoo under the user's permissions.

3. Our obligations

Confidentiality; the security measures in the annex; assistance with data-subject requests and breach/DPIA duties; and deletion or return of data on termination.

4. Sub-processors

You authorize: Stripe (payments); [LLM provider / self-hosted host] (generating responses); [hosting provider]. We give notice of changes so you may object on reasonable grounds. If the LLM is self-hosted, no request data leaves our infrastructure to an external LLM provider.

5. Transfers, breach, deletion, audit

Cross-border transfers use a lawful mechanism (e.g. SCCs). We notify you of a personal data breach without undue delay. On termination we delete or return data within [30] days. We make available information to demonstrate compliance.

Annex — security measures

Hashed API keys/passwords; TLS in transit; least-privilege access; rate limiting and audit logging; data minimization (schema shape + request text only); backups, monitoring, and key rotation.

Oddll Brain AI — Terms · Privacy · DPA