1. Scope & roles
This Data Processing Addendum ("DPA") summary applies when Kellexa Technologies Pvt. Ltd. processes personal data on behalf of a business customer ("Customer") in connection with the Kellexa Services. Customer is the data controller; Kellexa acts as data processor under GDPR Article 28 and equivalent laws.
Consumers using Kellexa for personal creator accounts are governed by the Privacy Policy, not this DPA, unless they enter a separate business agreement.
2. Subject matter & duration
Processing is limited to providing workflow automation, integrations, billing, support, and security as described in the Terms and Privacy Policy, for the duration of the subscription plus retention periods specified therein.
3. Nature & purpose of processing
- Storage and execution of workflow definitions and media.
- OAuth token management for connected social accounts.
- Run logging, analytics, and credit metering.
- Customer support and incident response.
4. Categories of data & subjects
- Data subjects: Customer personnel, end users, and individuals appearing in Customer content.
- Categories: identifiers, professional data, content metadata, usage logs, and technical data as defined in the Privacy Policy.
5. Processor obligations
- Process personal data only on documented instructions from Customer, including via account configuration and Terms.
- Ensure personnel are bound by confidentiality.
- Implement appropriate technical and organizational security measures (see Security Policy).
- Assist with data subject requests, DPIAs, and breach notifications as reasonably required.
- Delete or return personal data upon termination, subject to legal retention.
- Make available information necessary to demonstrate compliance and allow audits upon reasonable notice (no more than annually for standard plans).
6. Sub-processors
Customer authorizes use of sub-processors listed in our sub-processor register. We will provide 30 days' notice of material additions; Customer may object on reasonable grounds. Alternative arrangements or termination may apply if the objection remains unresolved.
7. International transfers
Transfers outside the EEA/UK use Standard Contractual Clauses (2021 modules) or UK IDTA as applicable, plus supplementary measures where required by Schrems II guidance.
8. Personal data breach
Kellexa will notify Customer without undue delay (and within 72 hours where feasible) after becoming aware of a personal data breach affecting Customer data, with information to support regulatory notification obligations.
9. Liability & order of precedence
Liability under this DPA is subject to the limitations in the Terms. In case of conflict between this summary and a fully executed enterprise DPA, the executed DPA prevails.
10. Request a signed DPA
Enterprise and agency customers may request a countersigned DPA at info@kellexa.com. Include company legal name, address, signatory, and estimated number of data subjects whose data is processed.
Governing law for the DPA: laws of India, unless otherwise agreed in writing.