Data Processing Agreement
Effective date: April 1, 2024
This agreement outlines how Macha AI (AGZ Technologies Private Limited) handles personal data as a data processor on behalf of customers.
1. Purpose and Scope
Macha processes data to provide AI assistant services, ticket analysis, and customer support optimization.
2. Roles and Responsibilities
- Customer = Data Controller
- Macha = Data Processor
3. Data Categories and Subjects
Types of data processed:
- Customer end-user information (names, emails, messages)
- Support ticket content and metadata
- Help center articles and product data
Data subjects include employees and customer end-users.
4. Processing Instructions
Processing occurs only per customer documentation, applicable laws like GDPR, and purposes outlined in the Privacy Policy.
5. Sub-processors
Macha engages vetted partners including:
- Supabase (Frankfurt, Germany) — embeddings
- MongoDB (Frankfurt, Germany) — config data
- DigitalOcean (Frankfurt, Germany) — hosting
- OpenAI — generative responses
- Stripe — billing
6. Data Location & Transfers
Primary processing occurs in Frankfurt, Germany. International transfers use Standard Contractual Clauses or the EU-U.S. Data Privacy Framework.
7. Security Measures
- AES-256 encryption at rest
- Email OTP authentication
- Role-based access control
- Key separation
- PII redaction
- Data minimization policies
8. Data Subject Rights
Macha assists customers in responding to GDPR data subject requests (access, correction, deletion).
9. Data Retention and Deletion
- Trial users: 30 days post-trial
- Paid users: 30 days post-termination
- Early deletion available upon request
10. Breach Notification
Macha notifies customers promptly of breaches, detailing nature, impact, mitigation steps, and contact information.
11. Audit Rights
Customers may audit practices with reasonable notice (max once yearly) while protecting other customers' confidentiality.
12. Term and Termination
This agreement remains active during data processing; Macha deletes or returns data upon termination unless law requires retention.
13. Contact
For questions, contact [email protected].