Data Processing Terms.

Effective 15 June 2026

These Data Processing Terms ("DPA") form part of the Terms of Service or other agreement governing the use of the Services (the "Agreement") between the customer ("Customer") and Taso AI ("Provider").

To the extent that Provider processes Personal Data on behalf of Customer in connection with the Services, the following terms apply.

1. Roles of the Parties

For the purposes of applicable data protection laws, including the EU General Data Protection Regulation (EU) 2016/679 ("GDPR"):

  • Customer acts as the Controller, and
  • Provider acts as the Processor.

Customer is responsible for ensuring that it has a lawful basis for processing Personal Data and for providing required notices to Data Subjects.

2. Processing of Personal Data

Provider shall process Personal Data only:

  • to provide the Services in accordance with the Agreement, and
  • in accordance with Customer's documented instructions, unless required otherwise by applicable law.

The categories of personal data and data subjects depend on Customer's use of the Services and may include account and contact details of Customer's users (such as name and email address), user authentication and usage data, system logs, and personal data relating to Customer's customers or end users submitted to the Service for analytics and asset management purposes.

3. Confidentiality

Provider shall ensure that persons authorised to process Personal Data are subject to appropriate confidentiality obligations.

4. Security

Provider shall implement appropriate technical and organisational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

5. Sub-processors

Customer provides a general authorisation for Provider to engage sub-processors in connection with the provision of the Services.

Provider shall ensure that any sub-processor is bound by data protection obligations that are no less protective than those set out in these Data Processing Terms.

Provider shall remain responsible for the performance of its sub-processors.

Provider will make available information about its current sub-processors upon reasonable request.

6. International Transfers

Provider may transfer Personal Data outside the European Economic Area only where appropriate safeguards are in place in accordance with applicable data protection laws, such as an adequacy decision or the European Commission's Standard Contractual Clauses.

7. Assistance

Taking into account the nature of the processing, Provider shall provide reasonable assistance to Customer in responding to data subject requests and in complying with applicable data protection obligations.

8. Personal Data Breach

Provider shall notify Customer without undue delay after becoming aware of a Personal Data breach affecting Personal Data processed on behalf of Customer.

9. Deletion of Data

Upon termination or expiry of the Agreement, Provider shall delete or return Personal Data processed on behalf of Customer, unless retention is required by applicable law.

10. Compliance and Information

Provider shall make available information reasonably necessary to demonstrate compliance with these Data Processing Terms upon reasonable request.

11. Liability

Each party's liability arising out of or related to these Data Processing Terms shall be subject to the limitations of liability set out in the Agreement, unless otherwise required by applicable data protection law.

12. Order of Precedence

In the event of a conflict between these Data Processing Terms and the Agreement, these Data Processing Terms shall prevail with respect to the processing of Personal Data.

13. Contact

Questions regarding the processing of Personal Data under the Services may be directed to:

Taso AI

Email: sales@tasoasset.com