Skip to main content

Data Processing Agreement (DPA)

Art. 28 GDPR A GDPR-compliant Data Processing Agreement is available for every customer and strongly recommended before processing personal data. Below you will find a summary of the key contents, roles, annexes, and download links.

Sign the DPA digitally
Request and sign the DPA fully online. No postal mail, no paperwork.
Request DPA digitally

What does the DPA cover?

📋Standard contract

Legally compliant DPA template for all customers, also available as PDF download.

🔒Scope

Purpose limitation, deletion obligations, security measures, and subprocessor management.

📧Questions?

Contact our Data Protection Officer: Norton Engele, privacy@sally.io

Key Contents

🎯Purpose of processing

Transcription and analysis of online meetings using AI, only on your documented instruction.

👥Roles

Sally AI (Aliru GmbH) acts as Processor. You, the customer, are the Controller.

📊Data processed

Meeting conversation data: audio, video, transcripts, and participant details.

🇪🇺Storage & location

Exclusively within the EU (preferably Germany). Encrypted storage. No third-country transfers.

🛡️Security measures

Documented in Annex 1: access control, encryption, backups, audit logging, and more.

🔗Subprocessors

Listed in Annex 3: Microsoft Azure, AWS, DeepL, Stripe, and others. All EU-based.

🗑️Deletion policy

Data is deleted or returned within 30 days after contract end, with written confirmation.

🚫No AI training

Your data is never used to train or improve language models. Contractually guaranteed.

🔍Audit rights

You may review compliance and request certifications, audit reports, and other evidence.

Incident response

We notify you of any personal data breach within 24 hours of becoming aware.

Annexes

1
Technical & Organisational Measures (TOMs)
Encryption, access control, backups, monitoring, and more.
2
Record of Processing Activities
What data is processed, for what purpose, and on what legal basis.
3
List of Subprocessors
All third-party providers involved, with purpose and location.
4
Data Protection Impact Assessment (DPIA)
Risk assessment for the processing of personal data.
5
AI Compliance Declaration
Statement of compliance with the EU AI Act (Regulation 2024/1689).
6
EU AI Act Regulation Details
Detailed obligations under the AI Act and how Sally AI meets them.
7
Process Descriptions
How Sally AI processes data during meetings, step by step.

Download the Full DPA

Questions about the DPA?
Data Protection Officer: Norton Engele
Contact Us