This product is still in development. Visit again so you know when the waitlist is available.

Data Processing Agreement

Last updated: 9/21/2025

1. Definitions

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Controller") and SouthByteLabs ("Processor") for the use of Veritas.

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data
  • Data Subject: The natural person to whom personal data relates
  • GDPR: General Data Protection Regulation (EU) 2016/679

2. Scope and Nature of Processing

SouthByteLabs processes personal data on behalf of the Controller for the following purposes:

  • Providing AI-powered customer service automation
  • Document ingestion and content analysis
  • Generating contextual responses to customer inquiries
  • Usage analytics and service optimization

Categories of Data Subjects: End customers, employees, and other individuals whose data is contained in uploaded documents or customer interactions.

3. Controller and Processor Obligations

Controller Obligations:

  • Ensure lawful basis for processing personal data
  • Provide clear privacy notices to data subjects
  • Only upload data necessary for the service
  • Respond to data subject requests within legal timeframes

Processor Obligations:

  • Process data only on documented instructions from Controller
  • Implement appropriate technical and organizational measures
  • Assist with data subject requests and impact assessments
  • Notify Controller of any data breaches within 72 hours

4. Security Measures

SouthByteLabs implements the following security measures:

  • Encryption in transit and at rest using industry-standard protocols
  • Isolated customer data stores with access controls
  • Regular security audits and penetration testing
  • Employee training on data protection and confidentiality
  • Incident response procedures and breach notification protocols

5. Sub-processors

SouthByteLabs may engage the following categories of sub-processors:

  • Cloud infrastructure providers (AWS, Google Cloud, Azure)
  • AI model providers (OpenAI, Anthropic, others)
  • Payment processors (Stripe)
  • Analytics and monitoring services

All sub-processors are bound by equivalent data protection obligations. We will notify you of any changes to our sub-processor list.

6. Data Transfers

Personal data may be transferred to and processed in countries outside the EEA. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Additional safeguards as required by applicable law

7. Data Retention and Deletion

Personal data will be:

  • Retained only for as long as necessary to provide the service
  • Deleted or returned upon termination of the agreement
  • Securely destroyed using industry-standard methods
  • Subject to legal hold requirements where applicable

8. Contact Information

For questions about this Data Processing Agreement or to exercise data subject rights:

Data Protection Officer: dpo@southbytelabs.com
Legal Team: legal@southbytelabs.com
Address: SouthByteLabs Data Protection Team
9, Oba Akinjobi Way, GRA, Ikeja, Lagos, Nigeria.