Data Processing Agreement


Last Updated: November 1, 2024

If you need a signed copy of this Data Processing Agreement, please contact [email protected].

This Data Processing Agreement and its Annexes A, B, and C (“DPA”) is between Profit Shark, Inc. dba aibusinessautomation.ai and the party executing this agreement as Customer (“Customer”). This DPA reflects the parties’ agreement with respect to the processing of personal data by aibusinessautomation.ai on behalf of Customer in connection with the service under the Terms of Service agreement between the parties (“Agreement”).

This DPA is part of the Agreement and is effective upon execution or as specified in the Agreement or any amendment. In case of any conflict with the terms of the Agreement, this DPA will take precedence over the Agreement regarding such conflict.



1. Definitions

Expanded Definitions for Comprehensive Clarity

The following definitions apply in this DPA:

CCPA:California Consumer Privacy Act, California Civil Code Sec. 1798.100 et seq., as amended.

California Personal Information:Refers to Personal Data subject to CCPA protections.

Business Purpose, Controller, Processor, Data Subject, Personal Data, Personal Data Breach, Process, and Processing: Defined in line with relevant Data Protection Laws.

Customer Personal Data: Any information related to an identified or identifiable individual that resides within Customer Data, processed under the Agreement, protected under applicable Data Protection Laws.

Data Protection Laws: Includes all worldwide data protection and privacy laws relevant to the parties’ processing activities, including but not limited to the GDPR, CCPA, and other U.S. laws.

Europe:Includes the EU, EEA, Switzerland, and the UK.

European Data:Personal Data subject to European Data Protection Laws.

European Data Protection Laws:Covers GDPR, ePrivacy Directive, national implementations, and other relevant European data protection laws.

GDPR:General Data Protection Regulation ((EU) 2016/679) and the UK equivalent.

Standard Contractual Clauses:EU’s standard clauses for data transfers, referenced at EU SCC Link.

UK Addendum:UK International Data Transfer Addendum, available here.


2. Compliance with Data Protection Laws

aibusinessautomation.ai and the Customer agree to uphold the requirements of Data Protection Laws. This DPA supplements the Agreement and is not a substitute for other legally required compliance activities.


3. Controller and Processor Roles

The parties agree that aibusinessautomation.ai processes Customer Personal Data strictly as a processor on behalf of the Customer.

Customer may act as either a controller or processor, depending on their own circumstances and compliance obligations.


4. Customer Responsibilities for Data Transfers and Consents

Customer agrees to secure all necessary permissions and notices for the lawful processing of Customer Personal Data by

aibusinessautomation.ai. Customer indemnifies aibusinessautomation.ai from liability arising from any failures to obtain necessary consents.


5. Nature, Scope, and Purpose of Processing

The specifics on processing scope, types of personal data, and categories of data subjects are detailed in Annex A.


6. Customer Instructions and Processing Limits

aibusinessautomation.ai will only process Customer Personal Data per documented instructions from the Customer, or as legally required. Instructions outside this scope require written agreement. aibusinessautomation.ai will notify Customer if any instruction potentially conflicts with Data Protection Laws.


7. Obligations of aibusinessautomation.ai

Detailed Commitments

Security:Maintain advanced technical and organizational measures as outlined in Annex B. Updates will not lower data protection standards.

Confidentiality: Ensure all authorized personnel are under strict confidentiality obligations.

Support for Compliance: Assist the Customer with any data subject requests, security compliance, breach notifications, and regulatory engagements, as applicable under Data Protection Laws.

Breach Notification:Promptly notify the Customer upon detecting a breach affecting Customer Personal Data.

Data Retention and Deletion: Upon termination of the Agreement, aibusinessautomation.ai will return or delete Customer Personal Data per Customer instructions unless further retention is legally mandated.

Data Processing Compliance: aibusinessautomation.ai will make available any required information to help demonstrate GDPR compliance and contribute to audits if needed.


8. Service Provider Provisions under CCPA

When applicable, aibusinessautomation.ai acts as a “service provider” under CCPA guidelines, using California Personal Informationexclusively for defined business purposes per the Agreement.


9. Appointment of Subprocessors

Customer authorizes aibusinessautomation.ai to engage subprocessors to assist with processing activities, with obligations to meet compliance standards equivalent to those in this DPA. Subprocessors will be listed in Annex C and updated as required.


10. Data Transfers Involving European Data

aibusinessautomation.ai will comply with EU or UK Standard Contractual Clauses or UK Addendum requirements for European Data transfers outside Europe.

If non-compliance occurs, Customer may suspend affected services.


11. DPA Amendments

aibusinessautomation.ai reserves the right to modify this DPA to reflect changes in applicable Data Protection Laws.


Annex A - Details of Processing

Detailed Information on Data Processing

A. Parties

Data Exporter: Customer (referencing their Platform Account for address and role).

Data Importer: Profit Shark, Inc. dba aibusinessautomation.ai, acting as the Processor.

Data Subjects: Include Customer’s customers and potential leads.

Personal Data Categories: Typically includes name, date of birth, contact details, and relevant online profiles as directed by the Customer.

Frequency of Transfer: Variable during the Agreement term.

Purpose and Processing Nature: Data is processed to facilitate Customer marketing activities, as outlined in the Agreement.


Annex B - Technical and Organizational Security Measures

Comprehensive Data Security Controls

Encryption: AES 256 CBC for data at rest; TLS v1.2+ for data in transit.

Confidentiality: Enforced with user-based access and role restrictions.

Resilience and Availability: Backups performed on AWS/GoogleCloud with rapid restore capabilities.

User Authentication: Role-based access controls and password-protected access.

Data Minimization: Limited data collection fields, configurable by Customer.

Audit Logs: Maintained for user activity and system integrity.

Governance: Managed third-party IT support, HIPAA-compliant security certification.


12. Data Subject Rights

aibusinessautomation.ai will, to the extent legally required and feasible, assist Customer in responding to data subject requests (e.g., access, correction, deletion, restriction, data portability) under applicable Data Protection Laws. All associated costs for such assistance will be at Customer’s expense unless otherwise agreed.


13. Personal Data Breaches Notification of Breach:

aibusinessautomation.ai will promptly notify Customer upon becoming aware of a Personal Data Breach involving Customer Personal Data, as required under applicable Data Protection Laws.

Notifications will include, to the extent known:

Description of the incident: Circumstances of the breach, including when it occurred.

Data impacted: A general description of the data categories and approximate volume.

Mitigation efforts: Actions taken by aibusinessautomation.ai to contain and address the breach.

In the event of such a breach, aibusinessautomation.ai will reasonably cooperate with Customer to address any regulatory inquiries or required notifications to affected data subjects.


14. Limitation of Liability

The liability of each party under or in connection with this DPA will be subject to the exclusions and limitations of liability set forth in the Agreement. Nothing in this DPA will limit a party’s liability with respect to data protection law violations or Personal Data breaches resulting from its own negligence or willful misconduct.


15. Term and Termination

This DPA will remain in effect as long as aibusinessautomation.ai processes Customer Personal Data under the Agreement. Upon termination or expiration,aibusinessautomation.ai will, per Customer’s choice and in line with legal obligations, either delete or return all Customer Personal Data in its possession.

If Customer does not provide a written choice within 30 days of Agreement termination, aibusinessautomation.ai will securely delete all Customer Personal Data.


16. Governing Law and Jurisdiction

This DPA will be governed by and interpreted in accordance with the governing law specified in the Agreement. Any disputes under this DPA will be resolved under the jurisdiction clauses of the Agreement.


17. Entire Agreement and Amendments

This DPA constitutes the entire agreement between the parties regarding data processing, superseding all prior agreements. Any modifications to this DPA must be in writing, signed by both parties, except where aibusinessautomation.ai reserves the right to update terms as required by changes in applicable Data Protection Laws.


18. Analytics and Tracking Data

As part of our commitment to data security and compliance,we utilize third-party analytics tools, including Microsoft Clarity and Google Analytics 4 , to process data related to user nteractions on our website. The data collected through these tools may include:

Behavioral data (e.g., mouse clicks, scrolling activity, session recordings).

Technical information (e.g., IP address, browser type, device information).

Demographic and geographical insights.

Data Processing:


All data collected by these tools is processed in accordance with applicabledata protection regulations, including GDPR, CCPA, and other international laws.

Microsoft Clarity: Data collected is pseudonymized and stored securely within Microsoft's infrastructure, which complies with ISO/IEC 27001 standards.

Google Analytics 4: Data is aggregated and anonymized before analysis, with storage limited to servers compliant with SOC 2 Type II standards.

Data Security Measures:

All data transmitted to and from analytics providers is encrypted using TLS 1.2 or higher. Access to analytics data is restricted to authorized personnel and is managed through role-based access controls. Data is retained only for as long as necessary for business and compliance purposes, typically [X months], after which it is anonymized or deleted.

User Rights and Transparency:


Users may opt out of analytics tracking by:

Disabling cookies through their browser settings. Using the Google Analytics Opt-Out Tool.

For further details on how these providers handle data,
refer to their respective privacy and security documentation:

Microsoft Clarity Data Security

Google Analytics Data Security


How to Contact Us

For any questions or to exercise rights related to this Data Processing Agreement, you may contactaibusinessautomation.ai at:

Profit Shark, Inc. dba aibusinessautomation.ai
Mailing Address: P.O. BOX 222447, Hollywood, FL 33022
Email: [email protected]