
RecordsKeeper.AI Data Processing Agreement

Last Updated: March 4, 2025

This Data Processing Agreement (“DPA”) forms part of the Terms of Service (https://www.recordskeeper.ai/terms-of-service) and Privacy Policy (https://www.recordskeeper.ai/privacy-policy), collectively referred to as the Agreement, entered into by and between RecordsKeeper.AI, operated by Ashto Innovations Private Limited, and the Customer.

 

The purpose of this DPA is to define the terms of processing, security, and compliance regarding Customer Personal Data under applicable Data Protection Laws.

1. Definitions

“CCPA” means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (CPRA).

“Controller” refers to the entity that determines the purpose and means of Personal Data processing.

“Customer Personal Data” refers to any Personal Data provided to RecordsKeeper.AI by the Customer under this DPA. A full description is included in Appendix 1.

“Data Protection Law” includes, but is not limited to, the General Data Protection Regulation (GDPR), UK GDPR, Swiss FADP, CCPA, and other applicable privacy laws.

“GDPR” refers to Regulation (EU) 2016/679, governing the protection of personal data and privacy for individuals within the European Economic Area (EEA).

“Personal Data” means any identifiable personal information protected under applicable laws.

“Personal Data Breach” means any unauthorized access, disclosure, loss, alteration, or destruction of Personal Data.

“Processing” refers to any operation performed on Personal Data, such as collection, storage, transmission, or deletion.

“Processor” refers to the entity that processes Personal Data on behalf of the Controller.

“Subprocessor” refers to any third party engaged by RecordsKeeper.AI to assist in the processing of Personal Data.

“Standard Contractual Clauses” (SCCs) refer to the EU-approved data transfer mechanisms.

“UK GDPR” refers to the UK adaptation of the GDPR under the Data Protection Act 2018.

2. Scope and Processing of Personal Data

  1. Customer appoints RecordsKeeper.AI as a Processor for the purposes of processing Customer Personal Data as defined in this DPA.

  2. RecordsKeeper.AI shall only process Customer Personal Data:

    • To deliver services as per the Agreement.
    • Under documented instructions from the Customer.
    • To comply with legal and regulatory requirements.

  3. Customer Personal Data remains the property of the Customer.

  4. RecordsKeeper.AI shall not:

    • Sell, rent, or distribute Customer Personal Data.
    • Use Personal Data for any purpose beyond the agreed-upon services.

     

  5. RecordsKeeper.AI ensures:

    • Strict access controls – only authorized personnel have access.
    • Encryption of stored and transmitted data using AES-256 encryption.
    • Secure audit logs to prevent unauthorized access.

     

  6. Upon termination of services, RecordsKeeper.AI shall:

    • Delete or return all Personal Data within 30 days, except where legal obligations require retention.

     

3. Compliance with Data Protection Laws

  1. RecordsKeeper.AI complies with all applicable Data Protection Laws, including:

    • GDPR (EU)
    • UK GDPR
    • CCPA/CPRA (California)
    • Swiss FADP
    • Other US State Privacy Laws (e.g., Virginia, Colorado, Connecticut, Utah)

  2. RecordsKeeper.AI assists Customers with compliance obligations, including:

    • Responding to Data Subject Rights Requests (access, correction, deletion).
    • Ensuring lawful cross-border data transfers.

  3. Cross-Border Data Transfers:

    • RecordsKeeper.AI does not transfer Customer Personal Data outside the EEA/UK/Switzerland without prior approval.
    • EU Standard Contractual Clauses (SCCs) and UK Transfer Addendum apply to international data transfers.

4. Subprocessors

  1. RecordsKeeper.AI uses Subprocessors for certain processing activities.

  2. Subprocessors are subject to GDPR-compliant agreements ensuring data security and confidentiality.
  3. RecordsKeeper.AI provides Customers with a list of approved Subprocessors upon request.
  4. Customers may object to Subprocessor changes based on valid security concerns.

5. Security Measures

RecordsKeeper.AI implements bank-grade security measures, including:

  • Data encryption (AES-256) for all stored and transmitted data.
  • Strict access controls, role-based permissions, and Multi-Factor Authentication (MFA).
  • Tamper-proof audit logs for data access tracking.
  • Regular penetration testing and vulnerability assessments.
  • 99.99% uptime with automated failover mechanisms.

6. Data Breach Notification

  1. RecordsKeeper.AI will notify the Customer of a Personal Data Breach within 72 hours.

  2. The notification will include:

    • The nature of the breach and impacted data.
    • Steps taken to mitigate the impact.
    • Measures to prevent future occurrences.

  3. RecordsKeeper.AI shall fully cooperate with Customers to remediate security incidents.

7. Liability and Indemnification

  1. Each party is responsible for compliance with Data Protection Laws.
  2. RecordsKeeper.AI is not liable for processing Personal Data in accordance with Customer’s instructions if such instructions violate the law.
  3. Customers shall indemnify RecordsKeeper.AI against claims arising from unlawful data processing instructions.

8. Term and Termination

  1. This DPA remains in effect as long as RecordsKeeper.AI processes Customer Personal Data.
  2. Upon termination, all Personal Data shall be securely deleted or returned within 30 days.

APPENDIX 1 – Categories of Data

A. Data Exporter

  • Name: Customer (as defined in the Agreement)
  • Role: Controller
  • Purpose: Use of RecordsKeeper.AI services

B. Data Importer

  • Name: RecordsKeeper.AI (Ashto Innovations Private Limited)
  • Role: Processor
  • Address: 5E/35 B.P., NIT Faridabad, City Faridabad, Pin 121001

C. Categories of Data Processed

  • User Identification Data: Name, email, role, company.
  • Account Data: Login credentials, authentication logs.
  • Usage Data: IP addresses, device information, user actions.
  • Financial Data: Payment details (processed by third-party payment providers).

APPENDIX 2 – Security Measures

RecordsKeeper.AI ensures data security through:

  • Data Encryption – AES-256 encryption for all stored and transmitted data.
  • Access Control – Role-based permissions, MFA authentication.
  • Audit Logging – Real-time activity tracking and log monitoring.
  • Penetration Testing – Regular security audits and third-party risk assessments.

APPENDIX 3 – Approved Subprocessors

RecordsKeeper.AI partners with the following GDPR-compliant service providers:

  • Amazon Web Services (AWS) – Cloud hosting
  • Google Cloud – Cloud storage
  • Stripe – Payment processing
  • SendGrid – Email delivery
  • Intercom – Customer support chat
  • Twilio SMS – SMS authentication

Contact Information

For questions about this DPA, please contact:


RecordsKeeper.AI Compliance Team
📧 Email: [email protected]
📍 Address: Springhouse Co-working, DLF Grand Mall, Gurgaon, Haryana-122002


This DPA ensures RecordsKeeper.AI and its founders, directors, and employees are strongly protected, while maintaining compliance with global Data Protection Laws.