speck
Speck
PricingPricingPricing
Book DemoBook DemoBook Demo

Data Processing Agreement

Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Speck ("Company," "we," "us," or "our") and you ("Customer," "you," or "your") and governs the processing of Personal Data in connection with the provision of Speck's AI sales assistant services ("Services").

Definitions

For the purposes of this DPA, the following definitions apply:

  • "Personal Data" means any information relating to an identified or identifiable natural person that is processed by Company on behalf of Customer in connection with the Services.
  • "Processing" means any operation or set of operations performed on Personal Data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, or destruction.
  • "Data Subject" means an identified or identifiable natural person whose Personal Data is processed under this DPA.
  • "Applicable Data Protection Laws" means all applicable laws, regulations, and binding regulatory guidance relating to the processing of Personal Data, including GDPR, CCPA, and other applicable privacy laws.

Processing Details

Nature and Purpose of Processing

Company processes Personal Data on behalf of Customer to provide the Services, which include:

  • AI-powered sales conversation analysis and coaching
  • Meeting transcription and note generation
  • Customer relationship management integration
  • Sales performance analytics and insights
  • Email and communication assistance

Categories of Personal Data

The Personal Data processed may include:

  • Contact information (names, email addresses, phone numbers)
  • Professional information (job titles, company names)
  • Communication content (meeting recordings, transcripts, emails)
  • Usage data and analytics information
  • Account and authentication information

Categories of Data Subjects

Data Subjects may include:

  • Customer's employees and representatives
  • Customer's clients and prospects
  • Meeting participants and attendees
  • Third parties involved in Customer's business communications

Data Controller and Processor Obligations

Customer as Data Controller

Customer acknowledges and agrees that it is the Data Controller for all Personal Data provided to Company. Customer shall:

  • Ensure lawful basis for processing under Applicable Data Protection Laws
  • Provide necessary notices to Data Subjects about data processing
  • Obtain required consents where necessary
  • Ensure accuracy and relevance of Personal Data provided
  • Handle Data Subject requests and inquiries

Company as Data Processor

Company acknowledges and agrees that it is the Data Processor and shall:

  • Process Personal Data only on documented instructions from Customer
  • Implement appropriate technical and organizational measures
  • Ensure confidentiality of Personal Data
  • Assist Customer in responding to Data Subject requests
  • Notify Customer of Personal Data breaches without undue delay

Security Measures

Company implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of Personal Data in transit and at rest
  • Regular security assessments and monitoring
  • Access controls and authentication measures
  • Employee training on data protection
  • Incident response and breach notification procedures
  • Regular backup and disaster recovery procedures

Subprocessors

Customer acknowledges that Company may engage third-party subprocessors to assist in providing the Services. Company maintains a current list of subprocessors, which is available at /legal/subprocessors.

Company will provide at least 30 days' notice of any changes to subprocessors. Customer may object to new subprocessors and terminate the Services if the objection cannot be resolved.

International Data Transfers

Personal Data may be transferred to and processed in countries other than the country in which Customer is located. Company ensures that such transfers are conducted in compliance with Applicable Data Protection Laws, including through:

  • Standard Contractual Clauses approved by relevant authorities
  • Adequacy decisions by competent authorities
  • Other legally recognized transfer mechanisms

Data Subject Rights

Company shall assist Customer in fulfilling Data Subject requests, including:

  • Right of access to Personal Data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

Data Retention and Deletion

Company will retain Personal Data only for as long as necessary to provide the Services or as required by law. Upon termination of the Services or upon Customer's request, Company will delete or return all Personal Data, unless retention is required by applicable law.

Audit and Compliance

Company shall make available to Customer information necessary to demonstrate compliance with this DPA. Customer may conduct audits, including inspections, upon reasonable notice and during regular business hours, subject to confidentiality obligations.

Liability

Each party's liability under this DPA shall be subject to the limitation of liability provisions set forth in the Terms of Service. Nothing in this DPA shall limit either party's liability for data protection violations to the extent such limitations are prohibited by Applicable Data Protection Laws.

Contact Information

For questions regarding this DPA or data processing practices, please contact us at:

  • Email: legal@speck.sh
  • Subject Line: Data Processing Agreement Inquiry

Effective Date

This Data Processing Agreement is effective as of the date Customer first uses the Services and remains in effect for the duration of the Terms of Service.

Last updated: January 2025