Processing Addendum (DPA)

Data Processing Addendum (DPA)

Effective Date: 1 April 2026
Last Updated: 1 April 2026

This Data Processing Addendum (“DPA“) forms part of the Terms and Conditions between PRODUCTFLO LLP, operating the ProductFlo.ai platform (“ProductFlo.ai“, “Processor“, “we“, “us“, or “our“), and any customer, organization, or user (“Customer“, “Controller“, or “you“) using the ProductFlo.ai services.

This DPA governs the processing of Personal Data by ProductFlo.ai on behalf of Customers in connection with the use of the ProductFlo.ai platform, website, applications, integrations, and related services (“Services“).

By using the Services, the Customer agrees to the terms of this DPA.


1. Purpose of this DPA

The purpose of this DPA is to define the obligations and responsibilities of ProductFlo.ai and the Customer regarding the processing of Personal Data in compliance with applicable data protection laws, including but not limited to:

  • General Data Protection Regulation (EU) 2016/679 (“GDPR”)

  • UK GDPR

  • Digital Personal Data Protection Act, 2023 (India) (“DPDPA”)

  • California Consumer Privacy Act (“CCPA”), where applicable

  • Other applicable privacy and data protection laws


2. Roles of the Parties

For the purposes of applicable data protection laws:

  • The Customer acts as the Data Controller and determines the purposes and means of processing Personal Data.

  • ProductFlo.ai acts as the Data Processor and processes Personal Data solely on behalf of and according to the instructions of the Customer.

The parties acknowledge and agree to these respective roles.


3. Subject Matter of Processing

ProductFlo.ai provides AI-assisted product planning, business analysis, research synthesis, documentation generation, collaboration, and workflow management capabilities.

In providing the Services, ProductFlo.ai may process Personal Data submitted, uploaded, generated, or otherwise made available by the Customer.


4. Duration of Processing

ProductFlo.ai will process Personal Data for the duration of:

  • The Customer’s use of the Services;

  • Any applicable subscription period; and

  • Any reasonable retention period required to comply with legal, regulatory, security, or operational obligations.

Upon termination of the Customer relationship, ProductFlo.ai will delete or anonymize Personal Data in accordance with its Privacy Policy and applicable laws.


5. Categories of Personal Data

Depending on how the Customer uses the Services, ProductFlo.ai may process the following categories of Personal Data:

Account Information

  • Name

  • Email address

  • Job title

  • Organization or company name

  • Phone number (if provided)

User Content

  • Product ideas

  • Business requirements

  • Project documentation

  • Research notes

  • Reports

  • Uploaded files and attachments

Technical Information

  • IP addresses

  • Device identifiers

  • Browser information

  • Usage logs

  • Authentication information

Communication Data

  • Support requests

  • Feedback submissions

  • Survey responses

  • Communication records

ProductFlo.ai does not intentionally collect special categories of personal data unless explicitly submitted by the Customer.


6. Categories of Data Subjects

Personal Data may relate to:

  • Customers

  • Employees

  • Contractors

  • Authorized users

  • Business stakeholders

  • End users identified by the Customer

  • Other individuals whose information is submitted through the Services


7. Nature and Purpose of Processing

ProductFlo.ai may process Personal Data for the following purposes:

  • Providing access to the Services

  • Generating reports and documentation

  • AI-assisted analysis and recommendations

  • Collaboration and workflow management

  • Customer support

  • Authentication and account management

  • Service improvement and maintenance

  • Security monitoring and fraud prevention

  • Compliance with legal obligations

ProductFlo.ai shall process Personal Data only to the extent necessary to provide the Services and fulfill its contractual obligations.


8. Customer Responsibilities

The Customer represents and warrants that:

  • It has all necessary rights, permissions, and lawful bases to provide Personal Data to ProductFlo.ai.

  • It will comply with all applicable privacy and data protection laws.

  • It will not use ProductFlo.ai to process unlawful, prohibited, or unauthorized Personal Data.

  • It remains responsible for the accuracy, quality, and legality of Personal Data provided to ProductFlo.ai.

The Customer shall not submit sensitive personal information unless necessary and legally permitted.


9. ProductFlo.ai Obligations

ProductFlo.ai agrees to:

Process Data Only on Instructions

Process Personal Data only as necessary to provide the Services or as otherwise instructed by the Customer.

Maintain Confidentiality

Ensure that personnel authorized to process Personal Data are subject to confidentiality obligations.

Implement Security Measures

Maintain reasonable technical and organizational measures designed to protect Personal Data from:

  • Unauthorized access

  • Accidental loss

  • Alteration

  • Disclosure

  • Destruction

Assist with Data Subject Requests

Provide reasonable assistance to Customers responding to requests involving:

  • Access

  • Correction

  • Deletion

  • Portability

  • Restriction of processing

where technically feasible and legally permissible.


10. Security Measures

ProductFlo.ai maintains appropriate security measures including, where applicable:

  • Encryption of data in transit

  • Secure authentication mechanisms

  • Access controls and permissions

  • Security monitoring and logging

  • Vulnerability management processes

  • Backup and disaster recovery procedures

  • Administrative access protection measures

ProductFlo.ai may update or improve security measures from time to time without reducing the overall level of protection.


11. Sub-Processors

The Customer authorizes ProductFlo.ai to engage third-party service providers (“Sub-Processors“) to support delivery of the Services.

Sub-Processors may include providers of:

  • Cloud hosting services

  • Database infrastructure

  • Analytics services

  • Email delivery services

  • Authentication services

  • Customer support platforms

  • Collaboration and productivity tools

ProductFlo.ai shall take reasonable steps to ensure Sub-Processors are subject to appropriate contractual obligations regarding Personal Data protection.


12. International Data Transfers

ProductFlo.ai may process or store Personal Data in countries outside the Customer’s jurisdiction.

Where required by applicable law, ProductFlo.ai will implement appropriate safeguards for international transfers, including:

  • Standard Contractual Clauses (SCCs)

  • Contractual protections

  • Technical and organizational safeguards

By using the Services, the Customer acknowledges and authorizes such transfers where necessary to provide the Services.


13. Data Subject Rights

Where applicable, ProductFlo.ai shall provide reasonable assistance to Customers in responding to requests relating to:

  • Access to Personal Data

  • Rectification of inaccurate information

  • Deletion of Personal Data

  • Data portability

  • Restriction or objection to processing

The Customer remains responsible for handling and responding to such requests.


14. Data Breach Notification

If ProductFlo.ai becomes aware of a confirmed security incident affecting Personal Data processed on behalf of a Customer, ProductFlo.ai will:

  • Investigate the incident;

  • Take reasonable steps to mitigate its impact;

  • Notify affected Customers without undue delay where required by applicable law; and

  • Provide available information reasonably necessary to assist the Customer.

Notification of a security incident shall not be construed as an admission of fault or liability.


15. Deletion and Return of Data

Upon termination of the Services or written request by the Customer, ProductFlo.ai may:

  • Delete Personal Data;

  • Return available Personal Data to the Customer; or

  • Anonymize Personal Data for legitimate business purposes,

subject to legal, regulatory, security, or operational retention requirements.


16. Audit and Information Requests

ProductFlo.ai will make available reasonable information necessary to demonstrate compliance with this DPA.

To protect the confidentiality and security of other customers, ProductFlo.ai may satisfy such requests through:

  • Security documentation;

  • Written responses;

  • Compliance statements; or

  • Other reasonable means.


17. Limitation of Liability

The liability of each party under this DPA shall be subject to the limitations and exclusions set forth in the ProductFlo.ai Terms and Conditions.

Nothing in this DPA shall be interpreted as expanding either party’s liability beyond what is provided in the Terms and Conditions.


18. Changes to this DPA

ProductFlo.ai may update this DPA from time to time to reflect:

  • Changes in applicable law;

  • Operational improvements;

  • Security enhancements; or

  • Service modifications.

Updated versions will be published on this page with a revised “Last Updated” date.

Continued use of the Services after publication constitutes acceptance of the updated DPA.


19. Contact Information

For questions regarding this Data Processing Addendum or data protection matters, please contact:

PRODUCTFLO LLP
📧 support@productflo.ai
🌐 ProductFlo.ai


Effective Date: 1 April 2026
Last Updated: 1 April 2026