Data Processing Addendum

This summary reflects the DPA terms DiliPilot expects to make available to business customers when DiliPilot processes personal data on their behalf. A customer-specific DPA should be incorporated into an order form or otherwise executed before paid pilots that involve customer personal data.

Core Terms

• Customer is generally the controller/business and DiliPilot is the processor/service provider for Customer Personal Data.
• DiliPilot processes Customer Personal Data only on documented customer instructions unless law requires otherwise.
• DiliPilot will not sell or share Customer Personal Data or use it for cross-context behavioral advertising.
• Personnel authorized to process Customer Personal Data must be subject to confidentiality obligations.
• DiliPilot will maintain technical and organizational measures appropriate to processing context and risk.
• Customer grants general authorization for verified subprocessors listed on the public subprocessor page or an executed agreement.
• DiliPilot will assist with data-subject requests, security incidents, deletion or return, audits, and transfer terms as required by the DPA.

Processing Details

Processing covers document ingestion, extraction, diligence analysis, collaboration, reporting, support, security, and related SaaS functionality. Data subjects may include customer personnel and people appearing in uploaded records. Personal data may include identity, contact, professional, employment, ownership, transaction, financial, compensation, payroll, tax, account, usage, contract, and communication data selected by Customer.

To request the executable DPA, contact legal@dilipilot.com.