This Data Processing Addendum (“DPA”) forms part of the MASIN AI Terms and Conditions, Privacy Policy and Cookie Policy available at [INSERT URL OF TERMS AND CONDITIONS, PRIVACY POLICY and COOKIE POLICY] (the “Agreements”) and is entered into by and between the Client executing or otherwise agreeing to this DPA (“Client”) and MASIN AI Project Private Limited (“MASIN AI” or the “Company”). Client and MASIN AI are each referred to as a “Party” and collectively as the “Parties”. Client enters into this DPA on its own behalf and, where required under applicable law, on behalf of its Authorized Affiliates for which MASIN AI processes Personal Data. MASIN AI may update or amend this DPA from time to time to reflect changes in applicable law or in MASIN AI’s Services or internal practices.

All capitalized terms not defined herein shall have the meaning set forth in the Agreements. In providing Services to Client pursuant to the Agreement, MASIN AI may process Client Personal Data on behalf of Client and the parties agree to comply with the following provisions with respect to any Client Personal Data.

1. Definitions

1.1 “Affiliate” shall have the meaning as mentioned under Article 1.1 of Privacy Policy.

1.2 “Authorized Affiliate” means any Affiliate of Client (a) which is permitted to use the Services pursuant to the Agreements between Client and MASIN AI, (b) which has not signed its own Order Form with MASIN AI and is not itself a “Client” under the Agreements, and (c) with respect to which MASIN AI processes Personal Data.

1.3 “Applicable law” means the Digital Personal Data Protection Act, 2023 and its rules, as amended from time to time, and any other Indian privacy, data protection, or cybersecurity laws applicable to the Processing of Client Personal Data in connection with the Services.

1.4 “Data Principal” means an individual to whom the Personal Data relates.

1.5 “Data Fiduciary” shall have the meaning as mentioned under Article 1.9 of Privacy Policy.

1.6 “Personal Data” shall have the meaning as mentioned under Article 1.14 of the Terms and Conditions.

1.7 “Process”, “Processes”, “Processing” or “Processed” shall have the meaning as mentioned under Article 1.3 of Privacy Policy.

1.8 “Privacy Authority” means the Data Protection Board of India or any competent regulator, authority, or government body with responsibility for data protection, privacy, or cybersecurity matters in India.

1.9 “Security Incident” shall have the meaning as mentioned under Article 10.10 of the Terms and Conditions.

1.10 “Core Services” shall have the meaning as mentioned under Article 2 of the Terms and Conditions.

1.11 “Sub Processor” shall have the meaning as mentioned under Article 10.5 of the Terms and Conditions.

2. Scope and Roles

2.1 Scope. This DPA applies to MASIN AI’s Processing of Client Personal Data under the Agreements to the extent such Processing is subject to applicable law.

2.2 Roles. For purposes of this DPA, Client is the Data Fiduciary and MASIN AI is the Data Processor with respect to Client Personal Data.

2.3 Governing Law. This DPA is governed by the governing law specified in the Terms and Conditions under Article 15.

3. Processing Requirements

3.1 Documented Instructions. MASIN AI shall process Personal Data solely on the documented instructions of Client, including those set forth in the Agreements and this DPA, except where otherwise required by applicable law. Where MASIN AI is required under applicable law to process Personal Data beyond Client’s documented instructions, MASIN AI shall, to the extent legally permitted, notify Client of such legal requirement prior to commencing the Processing. MASIN AI shall not be obliged to comply with instructions that MASIN AI reasonably believes to be unlawful, infeasible, or inconsistent with the Agreements or this DPA.

3.2 Purpose Limitation. MASIN AI shall process Personal Data only to the extent necessary to provide the Services, to perform its obligations under the Agreements, or as otherwise permitted by Applicable law. MASIN AI shall not process Personal Data for any additional or incompatible purpose unless expressly authorized by Client or required under Applicable law. MASIN AI may maintain and process Personal Data as necessary for legitimate business operations permitted by Applicable law, provided such Processing does not materially reduce the protection afforded to Personal Data under this DPA.

4. Client Responsibilities

4.1 Client shall, in its use of the Services, Process Personal Data in accordance with the requirements of applicable law, including without limitation in accordance with any requirements to obtain consent, or other legal basis, for processing by, or transfer to, MASIN AI. For the avoidance of doubt, Client’s instructions for the Processing of Personal Data shall comply with applicable Law. Client shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Client acquired Personal Data.

4.2 Support. Client acknowledges and agrees that Personal Data provided or made available to MASIN AI for Processing in connection with support shall consist of business contact information only, in the form of support ticket authentication data, relating to Client’s employees, agents or contractors only (“Support Authentication Data”). Support Authentication Data contains the following categories of data: First and Last Name, Title, Location, Employer and Contact Information (company, email, phone, physical business address), Username, optional avatar if provided for the support community, language preference, preferred hours of contact and IP Address. Client and its users are prohibited from submitting attachments to, or screensharing with, support when such attachments or screensharing contain Personal Data or protected health information.

5. Confidentiality

Shall have the meaning as mentioned under Article 9 of the Terms and Conditions.

6. Data Subject Requests and Assistance

12.1 Data Subject requests. If MASIN AI receives a Data Principal request about Personal Data, MASIN AI will promptly notify Client and, unless MASIN AI is legally required to respond, will direct the request to Client. MASIN AI will not respond to such requests except (a) as expressly instructed by Client in writing; or (b) where required by law, in which case MASIN AI may respond to the minimum extent necessary. Client is solely responsible for authenticating the requester’s identity and for the legal sufficiency of any response. MASIN AI may decline or defer any request that is unlawful, unclear, unverified, or would compromise the security or confidentiality of MASIN AI’s systems or other Clients’ data.

12.2 Assistance. Taking into account the nature of the Processing and the information available to MASIN AI, MASIN AI will use reasonable efforts to assist Client to the extent Client cannot reasonably fulfil such requests independently. Such assistance is conditional on Client’s (i) timely written request through MASIN AI’s designated support channel; (ii) provision of complete and accurate information, authentication criteria, and response templates; and (iii) payment of MASIN AI’s applicable fees on a time‑and‑materials basis.

7. Authorized Affiliates

13.1 Application. The Parties acknowledge and agree that, by entering into the Agreements, Client enters into this DPA on its own behalf and, where required by Applicable law, on behalf of its Authorized Affiliates. Each Authorized Affiliate for whom MASIN AI processes Personal Data shall be deemed to have agreed to be bound by the terms of this DPA and, where applicable, the Agreements. For clarity, Authorized Affiliates are not Parties to the Agreements and shall not obtain any rights or remedies thereunder except as expressly stated in this DPA. All access to and use of the Services by Authorized Affiliates shall comply with the Agreements and this DPA, and any act or omission by an Authorized Affiliate in breach thereof shall be deemed an act or omission of Client, for which Client shall remain fully responsible and liable to MASIN AI.

13.2 The Client that is the contracting party to the Agreement shall remain responsible for coordinating all communication with MASIN AI under this DPA and be entitled to make and receive any communication in relation to this DPA on behalf of its Authorized Affiliates.

13.3 Where an Authorized Affiliate becomes a party to this DPA, it shall to the extent required under applicable law, be entitled to exercise the rights and seek remedies under this DPA, subject to the following: Except where applicable law require the Authorized Affiliate to exercise a right or seek any remedy under this DPA against MASIN AI directly by itself, the parties agree that (i) solely the Client that is the contracting party to the Agreements shall exercise any such right or seek any such remedy on behalf of the Authorized Affiliate, and (ii) the Client that is the contracting party to the Agreements shall exercise any such rights under this DPA not separately for each Authorized Affiliate individually but in a combined manner for all of its Authorized Affiliates together.

8. Limitation of Liability

Shall have the meaning as mentioned under Article 11.3 of the Terms and Conditions.

9. Order of Precedence

In the event of inconsistencies between the provisions of the Standard Contractual Clauses and this DPA or other Agreements between the Parties regarding the processing of Personal Data, the order of precedence shall be: the applicable Standard Contractual Clauses, followed by the DPA, followed by other agreements between the Parties.

10. Change in Terms

16.1 MASIN AI may update this DPA to reflect (a) changes required by Applicable Law, or (b) updates to MASIN AI’s Services, systems, or practices. MASIN AI will give prior written notice of any material change, unless a law or order requires immediate change.

16.2 If Client reasonably objects to a material change that materially reduces protections for Client Personal Data, the parties will negotiate in good faith to resolve it, unless such material change is necessitated under any applicable law for the time being in force.

16.3 If no resolution is reached, Client may terminate only the part of the Services directly and adversely affected by the change, by written notice to MASIN AI.

16.4 Financial Obligations Upon Termination. If Client terminates under 16.3: (a) Client must pay all outstanding and overdue fees and charges up to the termination date, including any applicable late charges or interest; and (b) if a fixed subscription term or minimum duration remains, Client must pay the fees for the unexpired subscription period for the terminated Services (or an early termination fee equal to those remaining fees), unless prohibited by applicable law.