Data Processing Agreement
Terms governing usemoos's processing of personal data on behalf of your organization, including GDPR and CCPA commitments.
Effective June 16, 2026
This Data Processing Agreement (“DPA”) forms part of the agreement between usemoos, Inc. (“Processor,” “usemoos”) and the customer organization (“Customer,” “Controller”) governing usemoos’s use of the Service, as referenced in our Terms of Service. It applies whenever usemoos processes personal data on Customer’s behalf in the course of providing the Service.
1. Definitions
Terms such as “personal data,” “processing,” “controller,” “processor,” and “data subject” have the meanings given to them under the EU General Data Protection Regulation (“GDPR”) and, where applicable, the California Consumer Privacy Act (“CCPA”) and other applicable data protection law.
2. Roles of the Parties
Customer acts as the controller (or business, under the CCPA) of personal data processed through the Service. usemoos acts as the processor (or service provider, under the CCPA) and processes personal data only on Customer’s instructions, as set out in this DPA and the underlying agreement.
3. Scope and Nature of Processing
usemoos processes personal data contained within the third-party sources Customer connects (such as Slack, Notion, Google Drive, GitHub, and Jira), account and authentication data, and query and conversation data, solely to provide indexing, search, and conversational AI features within Customer’s workspace. Full detail on categories of data processed is set out in our Privacy Policy.
4. Processor Obligations
- Process personal data only on Customer’s documented instructions.
- Ensure personnel authorized to process personal data are bound by confidentiality obligations.
- Implement appropriate technical and organizational measures, as described in our Security page, to protect personal data against unauthorized access, loss, or disclosure.
- Assist Customer, to the extent reasonably possible, in responding to data subject requests and in meeting Customer’s own compliance obligations under applicable law.
- Notify Customer without undue delay upon becoming aware of a personal data breach affecting Customer’s data.
- Delete or return personal data upon termination of the Service, consistent with the retention terms in our Privacy Policy.
5. Sub-processors
Customer authorizes usemoos to engage sub-processors to provide the Service, including cloud infrastructure, AI model, and vector database providers. usemoos remains responsible for sub-processor compliance with data protection obligations equivalent to those in this DPA, and maintains a current list of sub-processors available upon request at privacy@usemoos.com.
6. International Data Transfers
Where personal data originating in the European Economic Area, the United Kingdom, or Switzerland is transferred to the United States, such transfers are made under the European Commission’s Standard Contractual Clauses or another legally recognized transfer mechanism, incorporated into this DPA by reference.
7. Audits
Upon reasonable written request, no more than once per year, usemoos will make available information reasonably necessary to demonstrate compliance with this DPA, including responses to security questionnaires or summaries of independent audit reports where available.
8. Liability
Liability arising under this DPA is subject to the limitations of liability set out in our Terms of Service.
9. Contact
For questions about this DPA or to request an executed copy, contact privacy@usemoos.com.