Data Processing Agreement (DPA)

Effective Date: November 12, 2025
Last Updated: November 12, 2025

Overview

This Data Processing Agreement (“DPA”) forms part of the TopCalls Terms of Service and governs the processing of personal data by TopCalls on behalf of clients.

Definitions

  • Controller: Client (BPO or enterprise using TopCalls)
  • Processor: TopCalls (processing data on behalf of Controller)
  • Personal Data: Contact information, call recordings, transcripts, and metadata processed by TopCalls
  • Data Subject: End-users whose data is processed (prospects, customers, etc.)

Scope of Processing

Data Categories

TopCalls processes:

  • Contact Data: Names, phone numbers, email addresses
  • Call Metadata: Timestamps, duration, disposition codes
  • Audio Recordings: Call recordings (if enabled)
  • Transcripts: AI-generated call transcripts

Processing Purposes

TopCalls processes data solely for:

  • Executing AI-powered communication workflows as configured by the Client
  • Generating call analytics and performance reports
  • Complying with legal/regulatory obligations

Data Security Measures

Technical Safeguards

  • Encryption: All data encrypted at rest (AES-256) and in transit (TLS 1.2+)
  • Access Controls: Role-based access, multi-factor authentication
  • Audit Logs: Comprehensive logging of data access and modifications

Organizational Safeguards

  • Employee Training: Annual security and privacy training
  • Confidentiality: All staff bound by confidentiality agreements
  • Incident Response: 72-hour breach notification process

Sub-Processors

TopCalls uses the following sub-processors:

  • Cloud Infrastructure: AWS (US, EU regions)
  • AI/ML Services: OpenAI, Deepgram, ElevenLabs
  • Communication: Twilio (telephony)

Clients will be notified 30 days before adding new sub-processors.

Data Subject Rights

TopCalls assists Clients in fulfilling Data Subject rights under GDPR/CCPA:

  • Access: Provide copies of personal data within 30 days
  • Rectification: Correct inaccurate data
  • Erasure: Delete data upon request (subject to legal retention)
  • Portability: Export data in machine-readable format

Requests should be directed to hello@topcalls.ai.

Data Retention & Deletion

Retention Periods

  • Call recordings: 90 days (configurable)
  • Transcripts: 1 year (compliance archival)
  • Contact lists: Duration of client contract + 30 days

Deletion Procedures

Upon contract termination:

  • Immediate: Call recordings and transcripts deleted within 30 days
  • Retention: Billing records retained 7 years (legal requirement)

International Data Transfers

Legal Mechanisms

TopCalls transfers data internationally using:

  • Standard Contractual Clauses (SCCs): EU Commission-approved SCCs for EU-US transfers
  • Adequacy Decisions: Reliance on jurisdiction-specific adequacy decisions

Data Localization

Clients may request data residency in specific regions (subject to availability and additional fees).

Liability & Indemnification

TopCalls Liability

TopCalls is liable for data breaches caused by failure to implement agreed security measures.

Client Liability

Clients indemnify TopCalls for:

  • Processing data without lawful basis (e.g., lacking consent)
  • Providing inaccurate or unlawful data
  • Violating data subject rights

Audit Rights

Clients may audit TopCalls' data processing practices annually by:

  • Requesting SOC 2 Type II reports (provided upon NDA)
  • Conducting on-site audits (30 days' notice, reasonable costs)

Termination

This DPA terminates upon:

  • Expiration of TopCalls Terms of Service
  • Mutual written agreement
  • 30 days after final data deletion

Questions? Contact us at hello@topcalls.ai

Download Full DPA: PDF version available upon request

WISDOM SPHERE LLC
16192 Coastal Highway
Lewes, DE 19958, US
Tax ID: 30-1362053