Data Processing Agreement (DPA)

nxio.ai / Mail Intelligence

Effective Date: January 15, 2025
Last Updated: January 15, 2025

1. Introduction and Scope

This Data Processing Agreement ("DPA") supplements and forms part of the Terms of Use between nxio.ai trading as Mail Intelligence ("nxio.ai", "Mail Intelligence", "Processor", "we", "us") and the Customer ("Controller", "you", "your") for the use of Mail Intelligence's email security and sentiment analysis services (the "Services").

This DPA applies when and only when Mail Intelligence processes Personal Data on behalf of the Customer in the course of providing the Services, and such processing is subject to Data Protection Laws.

1.1 Definitions

  • "Data Protection Laws" means all applicable privacy and data protection laws and regulations, including:
    • EU General Data Protection Regulation (GDPR) 2016/679
    • UK Data Protection Act 2018 and UK GDPR
    • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
    • Other applicable state, federal, and international privacy laws
  • "Personal Data" has the meaning given in applicable Data Protection Laws, and includes any information relating to an identified or identifiable individual that is processed by Mail Intelligence on behalf of Controller.
  • "Data Subject" means the identified or identifiable natural person to whom Personal Data relates.
  • "Sub-processor" means any third party engaged by Mail Intelligence to process Personal Data on behalf of Controller.

2. Data Processing Details

2.1 Subject Matter and Duration

  • Subject Matter: Analysis of email text, headers, and metadata for security threat detection and sentiment analysis
  • Duration: Duration of the Services agreement, plus the data retention periods specified herein
  • Nature and Purpose: Security analysis for threat detection, sentiment analysis, and temporary storage for analysis completion

2.2 Types of Personal Data

The Personal Data processed may include:

  • Email Body Content: Full text of email messages for security analysis and sentiment detection
  • Email Headers: Technical routing information, authentication data
  • Email Metadata: Sender, recipient email addresses, timestamps, subject lines
  • Account Information: Usernames, email addresses of users
  • Note: We do NOT store or require device information such as IP addresses or device identifiers

2.3 Categories of Data Subjects

Data Subjects may include:

  • Controller's employees, contractors, and business partners
  • Controller's customers and end-users
  • Email correspondents of Controller's users

Contact Information

Data Protection Officer:

Email: [email protected]
Response Time: 48 hours

Legal/DPA Questions:

Email: [email protected]

Security Issues:

Email: [email protected]
Emergency: 24/7 response

By using the Services, Controller acknowledges and agrees to the terms of this Data Processing Agreement.

*This DPA is effective as of January 15, 2025 and supersedes all previous data processing agreements between the parties.*

Document Version: 1.0
Last Legal Review: January 15, 2025
Next Review Date: January 15, 2026