Data Processing Agreement

Effective Date: 1 April, 2024

This Data Processing Agreement ("Agreement") forms part of the Terms of Use and Privacy Policy between AGZ Technologies Private Limited ("Processor", "Macha", "we", "us", or "our") and the Customer ("Controller", "you", or "your") for the provision of services via the Macha platform ("Services").

1. Purpose and Scope

This Agreement governs the Processing of Personal Data by Macha on behalf of the Customer for the purpose of providing AI assistant services, ticket analysis, and customer support optimization.

2. Roles and Responsibilities

  • The Customer is the Data Controller.
  • Macha is the Data Processor.

3. Data Categories and Subjects

Macha processes:

  • Customer end-user data (e.g. names, emails, messages)
  • Support ticket content and metadata
  • Help center articles and product data

Data subjects include:

  • Your employees
  • Your customers and end-users

4. Data Processing Instructions

Macha shall only process Personal Data in accordance with:

  • Documented instructions from the Customer
  • Applicable laws (e.g., GDPR)
  • Purposes outlined in the Privacy Policy

5. Sub-processors

Macha uses vetted sub-processors including:

  • Supabase (Frankfurt, Germany) – for data embeddings
  • MongoDB (Frankfurt, Germany) – for config data
  • DigitalOcean (Frankfurt, Germany) – for hosting
  • OpenAI – for generative responses
  • Stripe – for billing

Macha ensures all sub-processors comply with equivalent data protection obligations through written agreements.

6. Data Location & Transfers

Data is primarily processed in Frankfurt, Germany. When data is transferred outside the EEA (e.g. to OpenAI in the US), Macha ensures such transfers are made using:

  • Standard Contractual Clauses (SCCs) or
  • EU-U.S. Data Privacy Framework, where applicable

7. Security Measures

Macha implements technical and organizational measures including:

  • AES-256 encryption at rest
  • Email OTP authentication
  • Role-based access control
  • Separation of decryption keys
  • PII redaction before storage
  • Data minimization and retention policies

Full details are available in our Security Overview.

8. Data Subject Rights

Macha assists the Customer in fulfilling its obligations to respond to data subject requests, including access, correction, and deletion, under Articles 15-22 of the GDPR.

9. Data Retention and Deletion

  • Trial users: Data is retained for 30 days post-trial
  • Paid users: Data is retained for 30 days post-termination
  • Early deletion available upon request

Data is deleted securely and permanently after the retention period unless legal obligations require longer retention.

10. Breach Notification

Macha shall notify the Customer without undue delay upon becoming aware of a personal data breach. The notification shall include:

  • Nature of breach
  • Impact
  • Mitigation steps
  • Contact for further information

11. Audit Rights

The Customer may audit Macha's data processing practices, subject to:

  • Reasonable notice
  • No more than once per year
  • Confidentiality of other customers' data

12. Term and Termination

This DPA remains in effect while Macha processes personal data on behalf of the Customer. Upon termination, Macha will delete or return all Personal Data unless retention is required by law.

13. Contact

Questions or requests related to this DPA may be sent to: 📧 support@getmacha.com