1. Definitions
- “Data Controller” (or “Client”) — you, the subscriber who determines the purposes and means of processing personal data via the AgentGrow Service.
- “Data Processor” — gheWARE uniGPS Solutions LLP (LLPIN: AAK-8847, GSTIN: 29AAKFG8847K1ZK), which processes personal data on behalf of the Data Controller.
- “Personal Data” — any data relating to an identified or identifiable individual, as defined under the Digital Personal Data Protection Act, 2023 (India) and/or the General Data Protection Regulation (EU).
- “Sub-Processor” — a third-party service engaged by the Data Processor to process Personal Data on behalf of the Data Controller.
2. Scope of Processing
AgentGrow processes the following categories of personal data on your behalf:
- Lead data — names, email addresses, phone numbers, company names of individuals who submit forms on your website
- Social media audience data — public engagement metrics, follower interactions processed through your connected social accounts
- Business contact data — names and email addresses in your CRM pipeline
- Website analytics — IP addresses, browser type, page views (via Google Analytics on your behalf)
Processing is carried out solely for the purpose of operating your AI CBO agent as described in our Terms of Service.
3. Our Obligations as Data Processor
gheWARE uniGPS Solutions LLP shall:
- Process Personal Data only on your documented instructions and solely for providing the AgentGrow Service
- Not process Personal Data for any other purpose, including marketing, profiling, or sale to third parties
- Ensure that personnel authorised to process Personal Data are bound by confidentiality obligations
- Implement appropriate technical and organisational security measures (see Section 5)
- Assist you in responding to data subject requests (access, rectification, erasure, portability)
- Notify you promptly of any data breach (see Section 7)
- Delete or return all Personal Data upon termination of the Service (see Section 8)
4. Sub-Processors
We use the following sub-processors to deliver the Service. By agreeing to this DPA, you authorise the engagement of these sub-processors:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Anthropic (Claude API) | AI model processing for content generation | United States |
| Cashfree Payments | Payment processing | India |
| Amazon Web Services (SES) | Transactional email delivery | India (ap-south-1) |
| Cloudflare | CDN, DNS, tunnel networking | Global |
| Google (Analytics, Search Console) | Website analytics, SEO monitoring | United States |
| Meta (Facebook, Instagram APIs) | Social media posting on your behalf | United States |
| Telegram | Agent communication channel | Global |
We will notify you via email before engaging any new sub-processor, giving you 30 days to object. If you object, you may terminate the Service without penalty.
5. Security Measures
We implement the following technical and organisational measures:
- Isolation: Each client’s agent runs in a dedicated Kubernetes namespace with network policies preventing cross-client access
- Encryption in transit: All data transmitted over TLS 1.2+
- Secrets management: Platform credentials stored as Kubernetes Secrets (encrypted at rest), never logged or exposed in application output
- Access control: Infrastructure access restricted to authorised personnel only
- Data minimisation: We collect and retain only the data necessary to operate the Service
- Regular updates: Infrastructure components are kept up to date with security patches
6. Data Subject Rights
If we receive a request from a data subject (e.g., a lead captured by your website) regarding their personal data, we will promptly notify you and assist you in responding to the request. We will not respond to data subject requests directly unless instructed by you.
You may export your CRM/lead data at any time by requesting a CSV export via [email protected].
7. Data Breach Notification
In the event of a personal data breach, we will notify you without undue delay (and in any case within 72 hours of becoming aware) with:
- A description of the nature of the breach, including categories and approximate number of data subjects affected
- The likely consequences of the breach
- Measures taken or proposed to address the breach and mitigate its effects
8. Data Deletion & Return
Upon termination of your subscription, we will:
- Provide a CSV export of your CRM/lead data upon request (within 7 business days)
- Permanently delete all Personal Data from our systems within 30 days of termination
- Confirm deletion in writing upon request
We may retain anonymised, aggregated data that cannot identify individuals for internal analytics purposes.
9. Contact
For questions about this DPA, contact our Grievance Officer:
- Name: Rajesh Gheware, Managing Partner
- Email: [email protected]
- Phone: +91-974-080-7444
gheWARE uniGPS Solutions LLP, 2146 Sunscape, Sobha Hillview, Kanakapura Road, Bengaluru, Karnataka, INDIA 560109.