VOZO DATA PROCESSING AGREEMENT (DPA)

Last Updated: Feb 20, 2026


This Data Processing Agreement (“DPA”) forms part of the Vozo Terms of Use (“Terms”) between Honeybee Technology Ltd (“Vozo”, “Processor”) and the Customer (“Controller”).

This DPA applies where Vozo processes Personal Data on behalf of Customer in connection with the Services.

1. DEFINITIONS

“Personal Data” means any information relating to an identified or identifiable natural person as defined under applicable Data Protection Laws.

“Data Protection Laws” means the GDPR (Regulation (EU) 2016/679), UK GDPR, Swiss FADP (where applicable), and other applicable privacy laws.

“Controller” means the entity determining the purposes and means of processing Personal Data.

“Processor” means the entity processing Personal Data on behalf of the Controller.

“Sub-processor” means any third party engaged by Processor to process Personal Data.

“Standard Contractual Clauses” or “SCCs” means the European Commission Implementing Decision (EU) 2021/914.

2. ROLE OF THE PARTIES

Customer acts as Controller (or Processor where applicable). Vozo acts as Processor.

Vozo shall process Personal Data only:

  • On documented instructions from Customer
  • To provide the Services
  • In accordance with the Terms and this DPA

3. NATURE AND PURPOSE OF PROCESSING

Vozo may process Personal Data for:

  • AI-based transcription
  • Translation
  • Subtitle generation
  • Voice synthesis
  • Video rendering
  • API processing
  • Storage and retrieval

Categories of Data Subjects:

  • Customer employees
  • End users
  • Video participants
  • Content contributors

Categories of Personal Data:

  • Audio and voice data
  • Video recordings
  • Names
  • Email addresses
  • Metadata
  • Transcripts
  • Subtitles

4. PROCESSING INSTRUCTIONS

Vozo shall process Personal Data solely on Customer’s documented instructions. Vozo shall inform Customer if it believes an instruction violates applicable Data Protection Laws.

5. CONFIDENTIALITY

Vozo ensures that personnel authorized to process Personal Data are subject to confidentiality obligations and receive appropriate privacy training.

6. SECURITY MEASURES

Vozo implements appropriate technical and organizational measures including:

  • Encryption in transit (TLS 1.2+) and at rest
  • Access control mechanisms
  • Authentication and authorization controls
  • Infrastructure monitoring
  • Secure development practices

Additional security documentation may be available at https://trust.vozo.ai.

7. SUB-PROCESSORS

Customer authorizes Vozo to engage Sub-processors. Vozo shall impose contractual data protection obligations and remain responsible for Sub-processor compliance. A current list of Sub-processors is available via Trust Center or upon request.

8. THIRD-PARTY AI MODEL PROVIDERS

Customer acknowledges that certain features rely on third-party AI model providers; Vozo does not control their independent infrastructure and processing may occur on infrastructure operated by those providers. Vozo shall implement commercially reasonable safeguards when engaging such providers.

9. CUSTOMER-ISOLATED MODEL FINE-TUNING

Where enabled:

  • Fine-tuning is performed solely for the Customer
  • Fine-tuned models are logically isolated
  • Data is not used to train shared public models
  • Data is not shared with other customers for model training

10. DATA SUBJECT RIGHTS

Vozo shall assist Customer in responding to Data Subject Requests, including access, rectification, erasure, restriction, and portability, to the extent technically feasible.

11. PERSONAL DATA BREACH

Vozo shall notify Customer without undue delay upon becoming aware of a Personal Data Breach affecting Customer data. Notification shall include the nature of breach, categories of data affected, likely consequences, and mitigation measures.

12. DATA RETENTION AND DELETION

Upon termination, data may be retained up to 90 days; Customer may request export; and after the retention period data may be deleted. Vozo shall delete Personal Data upon request where legally required.

13. INTERNATIONAL DATA TRANSFERS

Where Personal Data is transferred outside the EEA, UK, or Switzerland to jurisdictions not recognized as providing adequate protection, transfers shall be governed by EU Standard Contractual Clauses (Module 2), the UK International Data Transfer Addendum (where applicable), and the Swiss Addendum (where applicable). The SCCs are incorporated into this DPA as Annex IV.

14. TRANSFER IMPACT ASSESSMENT (TIA)

Vozo represents that it has assessed applicable US laws; has not received government access requests related to Customer data; will notify Customer where legally permitted if such a request is received; and will challenge unlawful access requests where appropriate.

15. AUDITS

Vozo shall provide documentation necessary to demonstrate compliance. Audit rights may be satisfied by SOC-type reports (if available), security certifications, and Trust Center documentation. On-site audits require reasonable notice and confidentiality safeguards.

16. LIABILITY

Liability under this DPA is subject to liability limitations in the Terms.

17. TERM

This DPA remains in effect as long as Vozo processes Personal Data on behalf of Customer.

ANNEX I – DESCRIPTION OF PROCESSING

Controller: Customer
Processor: Honeybee Technology Ltd
Processing Purpose: AI video translation services
Data Subjects: As described in Section 3
Data Categories: As described in Section 3
Processing Duration: Duration of Services + 90 days retention

ANNEX II – TECHNICAL AND ORGANIZATIONAL MEASURES

  • Encryption in transit and at rest
  • Role-based access controls
  • Infrastructure firewall protections
  • Monitoring and logging
  • Secure cloud hosting
  • Employee confidentiality agreements
  • Access review processes

ANNEX III – SUB-PROCESSORS

May include:

  • Cloud hosting providers
  • AI model providers
  • Speech-to-text providers
  • Translation providers
  • Voice synthesis providers
  • Storage providers

Updated list maintained at Trust Center.

ANNEX IV – EU STANDARD CONTRACTUAL CLAUSES (MODULE 2)

The Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) Module 2 (Controller to Processor) are hereby incorporated by reference into this DPA.

For purposes of the SCCs:

  • Module 2 applies.
  • Clause 7 (Docking clause) applies.
  • Clause 9 (Use of sub-processors): Option 2 (general written authorization) applies.
  • Clause 11 (Redress): Optional language not included.
  • Clause 17 (Governing law): Ireland.
  • Clause 18 (Forum): Ireland.
  • Annex I & II correspond to Annex I & II of this DPA.
  • Annex III (Sub-processors) corresponds to Annex III of this DPA.

The full text of the SCCs is incorporated as if set forth in full herein.

ENTERPRISE SIGNATURE PAGE

Controller: ___________________________
Authorized Signatory: __________________
Title: ________________________________
Date: ________________________________

Processor: Honeybee Technology Ltd
Authorized Signatory: __________________
Title: ________________________________
Date: ________________________________