Get Started Free

Data Processing Agreement

Effective Date: April 17, 2026

This Data Processing Agreement (“DPA”) is entered into between i3Simple (“Processor”) and the customer (“Controller”) and governs the processing of personal data by i3Simple on behalf of the customer in connection with the provision of the Service. This DPA is incorporated into and forms part of the Terms of Service. In the event of any conflict, this DPA shall prevail with respect to data processing matters.

Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person as defined under applicable data protection law, including the GDPR and CCPA.
  • Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
  • Data Subject: The individual whose personal data is being processed.
  • Sub-processor: Any third party engaged by i3Simple to process personal data on behalf of the customer.

Scope of Processing

Nature and Purpose: i3Simple processes personal data solely for the purpose of providing the Service. Processing activities include storing contact information uploaded by the customer, processing call recordings and transcripts, generating AI analysis of call content, providing analytics and reporting, and facilitating integrations with third-party systems.

Categories of Data: Contact names and phone numbers, email addresses, call recordings and voice data, conversation transcripts, AI-generated summaries and sentiment analysis, lead scores and qualification data, and any custom fields configured by the customer.

Duration: i3Simple will process personal data for the duration of the customer’s subscription and for 90 days following account termination, after which all personal data will be permanently deleted unless retention is required by applicable law.

Customer Obligations

The customer as Controller represents and warrants that it: has a lawful basis for processing all personal data submitted to the platform; has provided all required notices to data subjects; has obtained all required consents where consent is the lawful basis; and complies with all applicable data protection laws.

i3Simple Obligations

i3Simple as Processor agrees to: process personal data only on documented instructions from the customer; ensure authorized personnel are subject to confidentiality obligations; implement appropriate technical and organizational security measures; assist the customer in responding to data subject requests; notify the customer of data breaches within 72 hours of becoming aware; delete or return all personal data upon termination; and provide all information necessary to demonstrate compliance with this DPA.

Sub-processors

The customer authorizes i3Simple to engage the following sub-processors:

  • Twilio Inc. — Telephony services — United States
  • ElevenLabs Inc. — Voice synthesis — United States
  • OpenAI Inc. — Language processing — United States
  • Stripe Inc. — Payment processing — United States
  • Contabo GmbH — Server infrastructure — Germany and United States

i3Simple will notify the customer of any intended changes to sub-processors with at least 30 days advance notice. The customer may object to new sub-processors within 14 days of notification.

Data Subject Rights

i3Simple will assist the customer in fulfilling data subject rights requests including access, rectification, erasure, restriction, and portability requests. Upon receiving a data subject request directly, i3Simple will promptly forward it to the customer for handling.

Security Measures

  • Encryption of data in transit using TLS 2+ or higher
  • Encryption of data at rest using AES-256 encryption
  • Access controls limiting data access to authorized personnel
  • Regular security assessments and penetration testing
  • Incident response procedures for data breaches
  • Employee security training and background checks

International Data Transfers

Personal data is stored on servers located in the United States. For customers in the European Economic Area, transfers are conducted pursuant to Standard Contractual Clauses adopted by the European Commission. Customers may request a copy by contacting legal@i3simple.com.

Contact

i3Simple Data Protection • 4010 Dupont Circle, Louisville, Kentucky, 40207
Email: legal@i3simple.com