Enterprise customers and organisations subject to GDPR, UK GDPR, India's DPDP Act, or other data protection frameworks may require a signed DPA with Talkwisely. Here's what it covers and how to request it.
A Data Processing Agreement (DPA) is a legally binding contract between a Data Controller — the organisation that determines why and how personal data is processed — and a Data Processor — the organisation that processes data on the Controller's behalf.
For most Talkwisely enterprise customers, your organisation is the Data Controller for communications data (call recordings, transcripts, AI analytics output) and Talkwisely is the Data Processor. A DPA governs exactly how we process that data on your behalf.
Operate in or serve customers in the EU or EEA — required under GDPR Article 28.
Operate in or serve customers in the UK — required under UK GDPR.
Process personal data subject to India's Digital Personal Data Protection Act 2023 (DPDP Act).
Are in a regulated industry: healthcare, finance, legal, recruitment, or education.
Are going through enterprise security reviews, vendor onboarding, or procurement qualification.
Require contractual guarantees about AI training restrictions, data residency, or breach notification timelines.
Need assurance that sub-processors (AI APIs, cloud infra) are bound by equivalent obligations.
Controller / Processor roles: clearly defines Talkwisely as Data Processor for communications data and the Customer as Data Controller.
Processing purposes and scope: specifies exactly what data is processed, for what purpose, and for how long.
Sub-processor authorisation: lists all sub-processors (talkwisely.io/legal/subprocessors) and the conditions under which they are engaged.
Security obligations: codifies technical and organisational security measures — AES-256 encryption at rest, TLS in transit, RBAC, MFA, audit logging, penetration testing, and DDoS mitigation.
Data residency: confirms regional storage commitments and international transfer mechanisms (Standard Contractual Clauses for EU data).
AI training prohibition: contractual guarantee that customer data is never used to train AI models — binding on Talkwisely and all AI sub-processors.
Breach notification: Talkwisely will notify the Customer within 72 hours of discovering a personal data breach.
Data return and deletion: on contract termination, Talkwisely will return or permanently delete all Customer data as directed.
GDPR / UK GDPR / DPDP Act compliance: structured to satisfy applicable framework requirements.
Our standard DPA is available on request. A self-service version will be published at talkwisely.io/legal/dpa once finalised.
Email dpo@talkwisely.io with the subject line 'DPA Request — [Your Organisation Name]'.
Include: your organisation's name, jurisdiction, applicable compliance frameworks, and any specific requirements.
We will provide a draft DPA within 5 business days.
Once agreed, the DPA is executed electronically and forms part of your service agreement.
Enterprise customers may request that Talkwisely sign their organisation's own DPA template.
We review customer-provided DPAs on a case-by-case basis.
Contact dpo@talkwisely.io to initiate a review.
Customers processing health-related data (including call recordings containing patient information) should contact us about a HIPAA Business Associate Agreement (BAA). We are building towards full HIPAA compliance and can discuss your specific requirements — email dpo@talkwisely.io.
Talkwisely's data residency guarantees, AES-256 encryption, RBAC, and audit logging are designed to support financial services compliance requirements including FCA (UK), SEBI (India), and PCI DSS for payment data (handled by Stripe and Razorpay, both PCI DSS certified).
Our DPA includes provisions for sensitive personal data categories relevant to legal advice and candidate data processing. EU customers in these sectors should note that our SCCs cover onward transfers to AI sub-processors and are available for inspection.
Organisations processing large volumes of customer call data should review our sub-processors list (talkwisely.io/legal/subprocessors) and data residency documentation carefully. We can provide a tailored DPA briefing — contact dpo@talkwisely.io.
For EU and UK personal data transferred to sub-processors outside the EU/EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the lawful transfer mechanism under GDPR Chapter V.
SCCs are in place with all sub-processors who may receive EU personal data. Copies of relevant SCCs are available for inspection upon request — email dpo@talkwisely.io.
For all DPA and data protection enquiries:
Data Protection Officer: dpo@talkwisely.io
Talk Wisely Platforms Private Limited, Ahmedabad, Gujarat, India.
Have questions about this document?
Contact us at dpo@talkwisely.io