Legal & Compliance

1. Scope and Roles

This DPA applies to all personal data uploaded by the Customer or gathered through the WhatsApp API flows. In this relationship, the Customer operates as the **Data Controller** (determining messaging objectives), and Zunnich acts as the **Data Processor** (executing automations and hosting records).

2. Processing Activities

The Processor will handle specific client details strictly to deliver the requested services, including:

• End-user names, contact numbers, and identifiers.
• Chat transcript histories, attachments, and media logs.
• Chatbot routing metrics, appointments, and custom tag arrays.

3. Customer Warranties

The Controller represents and warrants that:

• Appropriate consent has been obtained from end users before initiating communications.
• Data collection practices comply with local data protection regulations.
• Uploaded contact databases contain legitimately sourced telephone parameters.

4. Security Measures

Zunnich implements robust physical and logical safeguards to protect user data, including end-to-end transport encryptions (HTTPS), segmented databases, strong access controls, and regular vulnerability scanning.

5. Subprocessors

The Customer authorizes Zunnich to employ subprocessors to deliver platform features. These subprocessors include:

• **Meta Platforms, Inc.** (WhatsApp API gateway provider)
• **Amazon Web Services (AWS)** (Encrypted database hosting)
• **Stripe, Inc.** (PCI-compliant transaction vault)

6. Data Subject Requests

To the extent possible, Zunnich will assist the Controller in responding to data subject requests regarding access, correction, deletion, or portability of personal data under applicable regulations.

7. Incident Management

In the event of a confirmed security incident affecting customer data, Zunnich will notify affected customers without undue delay in accordance with regulatory requirements.