Data Processing Agreement of Ahilab

Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) is entered into by and between Augmented Human Intelligence Ltd., doing business as Ahilab.co (“Processor,” “we,” “us,” or “our”), and you (“Controller,” “developer,” “you,” or “your”). This DPA supplements and forms part of the Terms and Conditions (the “Main Agreement”) governing your use of Ahilab’s API and services (the “Services”).


1. Definitions

  • “Controller” means the natural or legal person (e.g., the Gen AI developer) who determines the purposes and means of the processing of Personal Data.
  • “Processor” means the entity that processes Personal Data on behalf of the Controller, in this case Ahilab.co.
  • “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”) that is transferred by Controller to Processor or otherwise made available to Processor as part of the Services.
  • “PII” or “Personally Identifiable Information” means any subset of Personal Data that could be used to identify or locate a single person.
  • “Sub-processor” means any third party authorized by Processor to process Personal Data on behalf of the Controller.
  • “Services” means the monetization and sponsorship-matching services provided by Ahilab.co, including API integration for prompt processing.

2. Roles and Responsibilities

Under this DPA and for the purposes of applicable data protection laws (e.g., GDPR):

  • Controller: You, the developer, are the Controller of any Personal Data that end users may provide through your Gen AI application(s) when using Ahilab’s Services.
  • Processor: Ahilab.co acts solely as a Processor on your behalf, processing Personal Data (if any) strictly in accordance with the documented instructions provided by you and this DPA.

3. Subject Matter and Nature of Processing

Ahilab.co provides an API that allows developers of Gen AI applications to display sponsored content or ads within their apps. End users may submit prompts to your application, which you then pass to Ahilab.co’s API for the purpose of contextual or otherwise relevant sponsorship matching.

No PII Storage: Ahilab.co is designed to operate without storing or retaining PII. We employ automated detection mechanisms (e.g., Amazon Comprehend) to identify and remove PII before processing a prompt. Our systems aim to ensure that no Personal Data is retained or analyzed beyond what is strictly necessary to match the prompt to appropriate sponsored content.


4. Duration

This DPA is effective for as long as Ahilab.co processes Personal Data on your behalf under the Main Agreement. In the event the Main Agreement is terminated, this DPA shall automatically terminate, except for any provisions that by their nature should survive.


5. Consent Collection by Developers

Controller’s Responsibility: You represent and warrant that you have obtained (or will obtain) valid, explicit consent from your end users to process any Personal Data through Ahilab.co’s API as required by applicable data protection laws (e.g., GDPR). This includes consent to transmit prompts, which may inadvertently include PII.

No Direct End-User Consent: Ahilab.co does not directly collect consent from end users. We rely on you, as the Controller, to ensure that such consent has been lawfully obtained and documented. If you do not obtain consent or if you fail to comply with relevant data protection laws, you acknowledge that this constitutes a breach of this DPA and the Main Agreement, and you assume all associated liability.


6. Prompt Transmission and PII Detection

  • Submission of Prompts: When an end user interacts with your Gen AI application, you may send the user’s prompt to Ahilab.co’s API for sponsorship matching.
  • Use of Amazon Comprehend: We use Amazon AWS Comprehend to detect any potential PII within the prompt before further processing. If PII is detected, we strive to exclude or redact it so that no PII enters our sponsorship-matching workflow.
  • Residual PII Risks: While our automated detection mechanism is designed to identify and exclude PII, we do not guarantee it will capture every instance of PII. Inadvertent or residual PII may pass through. Ahilab.co expressly disclaims liability for any such occurrences where the Controller has not taken reasonable steps to prevent the transmission of PII.

7. IP Country Location for Analytics

When an end user clicks on sponsored content delivered through our Services, Ahilab.co may access the user’s IP address for the limited purpose of determining the user’s country location. This country-level analytics data is used for ad performance metrics and reporting. We do not store or process full IP addresses beyond what is strictly necessary for real-time or near real-time analytics.

Additionally, if a user lands on the advertiser’s website after clicking on sponsored content, the user may be presented with a cookie consent banner on that advertiser’s website, where Ahilab may be listed as a partner involved in processing traffic and analytics. The advertiser is responsible for its own cookie and data practices, including compliance with all applicable data protection laws.


8. Storage and Retention

  • No PII Storage by Default: Our system is configured not to store prompts containing PII. Any inadvertently received PII is removed or redacted before further processing.
  • Deletion or Anonymization: Any transient data that does not contain PII is used solely for the ad-matching process and is not stored in a form that can re-identify a Data Subject. If any such data is inadvertently stored, we will delete or anonymize it as soon as practicable.

9. Data Subject Rights

You, as the Controller, are responsible for responding to any requests from Data Subjects to exercise their rights (e.g., access, rectification, erasure, restriction, portability) under applicable data protection laws. Ahilab.co will assist you by providing any information in its possession necessary for you to fulfill such requests, to the extent required by applicable law and feasible within our system architecture.


10. Sub-processors

Ahilab.co engages Amazon AWS Comprehend as a Sub-processor for PII detection. By accepting this DPA, you authorize us to use Amazon AWS Comprehend for these specific processing activities. We may engage other Sub-processors from time to time, and will notify you of any significant changes as required by law or contractual obligations. All Sub-processors will be bound by written agreements that require them to provide at least the same level of data protection as required by this DPA.


11. Technical and Organizational Measures (TOMs)

Ahilab.co implements and maintains commercially reasonable technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, but are not limited to:

  • Access Controls: Role-based permissions to ensure only authorized personnel can access relevant systems and data.
  • Encryption: Encryption of data in transit, where feasible, especially between your application and our API endpoints.
  • Network Security: Use of secure network protocols (e.g., HTTPS) and firewalls for data exchange.
  • Logging and Monitoring: Implementation of security monitoring and logging to detect and respond to unauthorized activities.
  • PII Detection: Automated scanning and redaction mechanisms to remove PII before processing.

12. Liability and Indemnification

The limitations of liability set forth in the Main Agreement apply to this DPA. Notwithstanding the foregoing, each party shall be responsible for damages caused by its own violation of applicable data protection laws. You agree to indemnify and hold harmless Ahilab.co from and against any claims arising from your failure to obtain proper consent from end users, transmit data lawfully, or otherwise comply with your obligations as Controller under this DPA and applicable data protection legislation.


13. Breach Notification

In the event of any unauthorized or unlawful access to Personal Data or accidental loss, destruction, or alteration of Personal Data (“Data Breach”), Ahilab.co will promptly notify you in accordance with applicable data protection laws. This notification will include, where possible, the nature of the Data Breach, the categories and approximate number of Data Subjects affected, and the measures taken or proposed to address the breach.


14. Audit and Compliance

Upon your reasonable written request, Ahilab.co will make available documentation necessary to demonstrate compliance with this DPA. Any audits shall be conducted in a manner that does not disrupt business operations, subject to reasonable confidentiality obligations, and in accordance with the procedures outlined in the Main Agreement.


15. Termination and Return/Deletion of Data

  • Termination: This DPA terminates automatically upon the termination or expiration of the Main Agreement or if you cease using Ahilab.co’s Services.
  • Data Return/Deletion: Given that Ahilab.co does not store PII, there is no Personal Data for return or persistent deletion. Any transient data is deleted or irreversibly anonymized upon completion of the sponsorship-matching process.

16. Governing Law and Jurisdiction

This DPA is governed by the same laws and jurisdiction specified in the Main Agreement, unless otherwise required by applicable data protection laws.


17. Contact Information

If you have any questions regarding this DPA or wish to exercise any legal rights under data protection laws, you may contact Ahilab.co at:

Email: admin@ahilab.co


By confirming acceptance (e.g., via checkbox) during the onboarding process or by continuing to use Ahilab.co’s Services, you acknowledge that you have read, understood, and agree to be bound by this DPA.

Copyright © 2024 Augmented Human Intelligence Ltd. All rights reserved.