Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) forms part of the Terms of Service (“Agreement”) between Relan AI, a product of 10x Galaxy Ltd (United Kingdom) (“Processor”), and the Customer (“Controller”). This DPA governs the processing of personal data in compliance with applicable data protection laws including UK GDPR, EU GDPR, CCPA (where applicable), and global privacy standards.

Relan AI provides behavioral engagement analysis, relationship health scoring, and revenue exposure insights. Relan AI acts as a Data Processor. The Customer acts as the Data Controller. Processing occurs strictly according to documented instructions.

- Controller: Entity determining purposes and means of processing.

- Processor: Relan AI processing data on behalf of Controller.

- Personal Data: Information relating to an identifiable individual.

- Processing: Any operation performed on personal data.

- Sub-processor: Third party engaged to process personal data.

Relan AI processes data solely for engagement monitoring, relationship classification, revenue exposure estimation, security, logging, fraud detection, and operational support.

- Names and business contact details.

- Email metadata (timestamps, frequency, response time – not content unless configured).

- CRM data and revenue values.

- Meeting activity logs.

- Communication frequency metrics.

- System logs and API data.

Relan AI does NOT train core AI models using customer proprietary data unless explicitly opted-in.

All submitted data remains property of the Controller. Relan AI does not claim ownership or sell customer data.

Relan AI may use Google Cloud Platform, Cloudflare, Stripe, and email service providers. All sub-processors maintain GDPR-compliant safeguards. Customers are notified 14 days before new engagement.

Standard Contractual Clauses (SCCs) and encryption safeguards are used for transfers outside the UK/EU.

- TLS 1.2+ encryption in transit.

- AES-256 encryption at rest.

- Role-based access control and MFA.

- DDoS protection and firewall.

- Logging and monitoring.

- Least-privilege access policy.

- Segregated environments and vulnerability assessments.

Data retained only as necessary. Upon termination, data deleted from active systems and backups purged within 30 days.

Relan AI will notify the Controller within 72 hours, provide breach details, mitigation steps, and cooperate with investigations.

Controllers may exercise rights of access, rectification, erasure, portability, restriction, and objection. Relan AI assists where required.

All data treated as confidential. Employees and contractors are bound by confidentiality obligations and security training.

In case of acquisition or restructuring, customer data transfers only if necessary for continued service with equal or higher safeguards.

This DPA remains valid while services are used. Controllers may request compliance documentation.