The terms under which ParrotB processes personal data on your behalf as a processor under the GDPR - sub-processors, security measures and transfers.
Data Controller: The business entity or sole trader who has registered a ParrotB account ("Customer").
Data Processor: Luis Landi Unipessoal Lda, trading as ParrotB ("ParrotB", "we"), operator of the ParrotB platform at parrotb.com. NIF: 517125595. Registered address: Rua 27 de Junho, n29, Quintas, 2040-143 Rio Maior, Portugal. Contact: hello@parrotb.com. Pursuant to Article 28 of the EU General Data Protection Regulation (GDPR 2016/679). Version 1.0 - effective January 2025.
ParrotB processes personal data on behalf of the Customer to provide the AI voice receptionist service, including:
Special categories (Art. 9): Call transcripts may incidentally contain health or other sensitive data volunteered by callers. ParrotB does not seek such data but processes it as part of the transcript under the same safeguards.
ParrotB undertakes to:
The Customer authorises ParrotB to engage the following sub-processors. ParrotB will provide at least 30 days' prior written notice (by email to the Customer's registered address) of any intended addition or replacement of sub-processors. The Customer may object in writing within that period on reasonable grounds relating to data protection. Where no objection is raised, the change takes effect after 30 days.
| Sub-processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Supabase | Database, auth | Frankfurt, EU | EU hosting |
| Telnyx | Voice AI, telephony, SMS | US | SCCs (Art. 46) |
| Stripe | Payments | US | SCCs (Art. 46) |
| Calendar integration | US | SCCs (Art. 46) | |
| Vercel | Hosting, edge functions | Frankfurt, EU | EU hosting |
| Resend | Transactional email | US | SCCs (Art. 46) |
| Backblaze B2 | Call recording storage | US | SCCs (Art. 46) |
| Sentry | Error monitoring | US | SCCs (Art. 46) |
| OpenAI | AI language model | US | SCCs (Art. 46) |
The Customer (Data Controller) warrants and undertakes to:
ParrotB shall make available to the Customer all information reasonably necessary to demonstrate compliance with this DPA and with Art. 28 GDPR.
The Customer may conduct an audit (or appoint an independent auditor bound by confidentiality) no more than once per calendar year, with at least 30 days' written notice. Audits must be conducted during business hours, must not unreasonably disrupt ParrotB operations, and must not access other customers' data. The Customer bears the cost of any such audit.
In practice, ParrotB will first respond to written information requests before any on-site audit is arranged.
The Customer remains responsible for responding to data subject rights requests. ParrotB will assist within 5 business days upon written request to hello@parrotb.com. A self-service data export (JSON/CSV) and account deletion flow is available in the dashboard at Settings > Privacy & Data.
ParrotB will notify the Customer without undue delay (and within 72 hours where feasible) of any personal data breach affecting Customer data, providing the information required by Art. 33(3) GDPR.
This DPA remains in force for the duration of the Customer's subscription. Upon termination, ParrotB will delete Customer data within 30 days (except where retention is required by law) and provide written confirmation on request.
This DPA is governed by the law of the EU member state in which the Customer is established, or EU law where applicable. Disputes shall be referred to the competent supervisory authority or courts in the Customer's jurisdiction.
DPA queries and data subject rights assistance requests: hello@parrotb.com.
This English version is the reference text. Italian and Spanish translations are provided for convenience.