Want to hear what zero missed calls sounds like?

Data Processing Agreement

Last updated: April 5, 2026

1. Parties

This Data Processing Agreement ("DPA") is entered into between the Client ("Controller") and Nexlify LLC, operating as Agentis ("Processor"). The Processor provides AI receptionist services on behalf of the Controller under the terms of the applicable service agreement.

2. Scope & Purpose

The Processor processes personal data solely for the purpose of delivering the AI receptionist service, which includes answering inbound calls, booking appointments, capturing leads, and providing call transcription and recording services as configured by the Controller.

3. Types of Personal Data Processed

The following categories of personal data may be processed: call recordings and transcriptions, caller phone numbers, appointment details (date, time, type of service), business information provided during onboarding, and contact information of the Controller's staff and patients/clients.

4. Sub-processors

The Processor uses the following sub-processors to deliver the service: LiveKit (real-time voice infrastructure), Deepgram (speech-to-text transcription), ElevenLabs (text-to-speech voice synthesis), OpenAI (natural language understanding and response generation), Supabase (database and data storage), and Vercel (application hosting and delivery). The Controller is deemed to have authorized the use of these sub-processors by entering into the service agreement.

5. Data Retention

Call logs, recordings, and transcriptions are retained for 90 days from the date of the call, after which they are automatically deleted. Business configuration data provided during onboarding is retained indefinitely for the duration of the service agreement and deleted within 30 days of account termination.

6. Security Measures

The Processor implements appropriate technical and organizational measures to protect personal data, including: encryption in transit using TLS for all data transmissions, encryption at rest via Supabase's built-in encryption, role-based access controls limiting data access to authorized personnel, audit logging of all administrative actions, and regular review of security practices.

7. Data Subject Rights

The Controller may submit requests for data subject rights (access, rectification, erasure, restriction, portability, or objection) on behalf of data subjects. The Processor will comply with verified deletion requests within 30 days of receiving a written request. Requests should be submitted in writing to the contact address below.

8. Contact

For questions about this Data Processing Agreement or to submit data-related requests, please contact us at hello@getagentis.ai