Data Processing Agreement
Last updated: July 9, 2026
This Data Processing Agreement ("DPA") forms part of the agreement between you ("Customer", "Controller", or "you") and eLLMo AI ("eLLMo", "Processor", "we", or "us") for the provision of the eLLMo AI platform and related services (the "Services").
This DPA applies when eLLMo processes Personal Data on your behalf in connection with the Services and you act as a data controller (or equivalent under applicable data protection law). It supplements our Terms & Conditions and Privacy Policy. If there is a conflict between this DPA and the Terms regarding the processing of Personal Data, this DPA controls.
By using the Services, you agree to this DPA on behalf of yourself and, to the extent required under applicable law, on behalf of any entity you represent.
1. Definitions
In this DPA:
- "Applicable Data Protection Law" means all laws relating to the protection of Personal Data that apply to the processing of Personal Data under this DPA, including the EU General Data Protection Regulation 2016/679 ("GDPR"), the UK GDPR, and applicable U.S. state privacy laws.
- "Customer Data" means Personal Data that you or your end users submit to, store in, or process through the Services.
- "Data Subject" means an identified or identifiable natural person to whom Personal Data relates.
- "Personal Data" means any information relating to an identified or identifiable natural person that is processed by eLLMo on your behalf in connection with the Services.
- "Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data processed by eLLMo on your behalf.
- "Processing" means any operation performed on Personal Data, such as collection, storage, use, disclosure, or deletion.
- "Sub-processor" means a third party engaged by eLLMo to process Personal Data on your behalf.
- "Standard Contractual Clauses" or "SCCs" means the standard contractual clauses approved by the European Commission (or UK equivalent) for the transfer of Personal Data to countries that do not provide an adequate level of data protection.
Capitalized terms not defined in this DPA have the meanings given in our Terms & Conditions.
2. Subject Matter, Nature, and Purpose of Processing
eLLMo processes Personal Data on your behalf to provide, maintain, secure, and improve the Services you have subscribed to. Processing activities may include:
- Hosting and storing Customer Data in our systems
- Authenticating users and enforcing access controls
- Running AI-powered features you request (such as content analysis, insights, and simulations)
- Processing analytics and events data from integrations you configure
- Providing customer support and troubleshooting
- Processing billing and subscription information
- Backing up data and maintaining service reliability
- Complying with legal obligations applicable to eLLMo
eLLMo will process Personal Data only on your documented instructions as set out in this DPA, the Terms, your use of the Services, and any written instructions you provide through support channels, unless required by applicable law.
3. Types of Personal Data and Categories of Data Subjects
The types of Personal Data and categories of Data Subjects depend on how you use the Services. They may include:
Types of Personal Data
- Account and contact information (name, email address, job title)
- Authentication credentials and session data
- Company and business information you provide
- Website, product, and catalog data that may contain personal information
- Queries, prompts, and content you submit for AI processing
- Usage data, events data, and analytics from integrations you enable
- Support communications and feedback
- Billing and payment-related information (payment card details are processed directly by our payment processor; eLLMo does not store full card numbers)
Categories of Data Subjects
- Your employees, contractors, and authorized users
- Your customers, website visitors, or end users (when you use integrations or upload data containing personal information)
- Any other individuals whose Personal Data you submit to the Services
You are responsible for ensuring that you have a lawful basis to collect and provide Personal Data to eLLMo for processing.
4. Duration
This DPA remains in effect for as long as eLLMo processes Personal Data on your behalf in connection with the Services. It terminates automatically when all Personal Data has been deleted or returned in accordance with Section 10, unless applicable law requires continued storage.
5. Processor Obligations
eLLMo will:
5.1 Confidentiality
Ensure that persons authorized to process Personal Data are bound by confidentiality obligations or are under an appropriate statutory duty of confidentiality.
5.2 Security
Implement appropriate technical and organizational measures to protect Personal Data, as described in Section 9 and our Security page.
5.3 Sub-processors
Not engage another processor without your general authorization as set out in Section 7. eLLMo remains fully liable to you for the performance of each Sub-processor's obligations.
5.4 Assistance with Data Subject Rights
Assist you, to the extent reasonably possible and taking into account the nature of processing, in responding to requests from Data Subjects to exercise their rights under Applicable Data Protection Law. If eLLMo receives a request directly from a Data Subject, we will promptly notify you and will not respond except on your instructions or as required by law.
5.5 Assistance with Compliance
Assist you, taking into account the nature of processing and information available to eLLMo, with:
- Security of processing
- Data protection impact assessments
- Prior consultations with supervisory authorities, where required
5.6 Breach Notification
Notify you without undue delay, and in any event within 72 hours, after becoming aware of a Personal Data Breach affecting Customer Data. Our notification will include, to the extent known, a description of the nature of the breach, the categories and approximate number of Data Subjects and records concerned, likely consequences, and measures taken or proposed to address the breach.
5.7 Deletion and Return
Upon termination of the Services or upon your written request, delete or return all Customer Data in accordance with Section 10, unless applicable law requires retention.
5.8 Audits and Information
Make available to you information reasonably necessary to demonstrate compliance with this DPA. Upon reasonable written request, eLLMo will provide summaries of relevant third-party audit reports (such as SOC 2) or respond to written security questionnaires, subject to confidentiality obligations.
5.9 International Transfers
Ensure that any transfer of Personal Data outside the European Economic Area, the United Kingdom, or Switzerland is subject to appropriate safeguards as described in Section 11.
6. Controller Obligations
You represent and warrant that:
- You have established a lawful basis for the processing of Personal Data under Applicable Data Protection Law
- You have provided any required notices to Data Subjects and, where necessary, obtained valid consent
- Your instructions to eLLMo comply with Applicable Data Protection Law
- You will not submit special categories of Personal Data (such as health data, biometric data, or data revealing racial or ethnic origin) to the Services unless you have a lawful basis and have informed eLLMo in writing in advance
You are responsible for the accuracy, quality, and legality of Customer Data and the means by which you acquired it.
7. Sub-processors
You provide general written authorization for eLLMo to engage Sub-processors to process Personal Data on your behalf, provided that eLLMo:
- Enters into a written agreement with each Sub-processor imposing data protection obligations no less protective than those in this DPA
- Remains liable for each Sub-processor's performance of its data protection obligations
Current Sub-processors
eLLMo maintains a complete and up-to-date list of Sub-processors at tryellmo.ai/legal/subprocessors.
We may update this list from time to time. If you are subject to GDPR or UK GDPR and object to a new Sub-processor on reasonable grounds relating to data protection, contact us at [email protected] within 30 days of our notice. We will work with you in good faith to address your concerns, which may include offering an alternative configuration where commercially reasonable.
8. Data Subject Rights
eLLMo will assist you in fulfilling your obligations to respond to Data Subject requests to exercise rights under Applicable Data Protection Law, including rights of access, rectification, erasure, restriction, portability, and objection.
To submit a request on behalf of a Data Subject, contact us at [email protected] with sufficient detail to identify the relevant account and data. We may direct Data Subjects to contact you directly where appropriate.
9. Security Measures
eLLMo maintains technical and organizational measures designed to protect Personal Data, including:
- Encryption in transit: TLS 1.2 or higher for data transmitted between clients and our services
- Encryption at rest: AES-256 encryption for stored data, including databases and file storage
- Access controls: Role-based access, authentication, and authorization checks on API and database access
- Network security: Private networks, firewalls, and load balancing with TLS termination
- Data isolation: Logical separation of customer data at the database level
- Monitoring and logging: Security monitoring, structured logging, and incident response procedures
- Vulnerability management: Dependency scanning, code review, and regular security updates
- Backup and recovery: Encrypted backups with defined retention and recovery procedures
Additional details are available on our Security page. eLLMo may update security measures over time, provided that the overall level of protection is not materially reduced.
10. Deletion and Return of Data
Upon termination of your account or the Services, or upon your written request, eLLMo will delete or return Customer Data within 90 days, unless applicable law requires retention.
- Deletion: Personal Data will be deleted from active systems. Residual copies may remain in encrypted backups for a limited period (typically up to 30 days) before being overwritten.
- Return: Upon request made within 30 days of termination, eLLMo will provide a reasonable export of Customer Data in a commonly used format, where technically feasible.
Anonymized and aggregated data that cannot reasonably be used to identify Data Subjects may be retained for analytics and service improvement, consistent with our Privacy Policy.
11. International Data Transfers
Customer Data may be processed and stored in the United States and other countries where eLLMo or its Sub-processors operate.
Where Personal Data is transferred from the European Economic Area, the United Kingdom, or Switzerland to a country that has not received an adequacy decision, eLLMo will ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (EU Module Two: Controller to Processor, or UK International Data Transfer Addendum as applicable)
- Supplementary measures where required by applicable guidance
Upon request, eLLMo will provide information about the transfer mechanisms in place. You may execute the applicable SCCs by contacting [email protected].
12. Liability
Each party's liability under this DPA is subject to the limitations and exclusions of liability set out in the Terms & Conditions, except that nothing in this DPA limits either party's liability for breaches of Applicable Data Protection Law to the extent such limitation is not permitted by law.
Each party agrees to indemnify and hold harmless the other party from claims, damages, and expenses arising from the indemnifying party's breach of this DPA or Applicable Data Protection Law, to the extent permitted by applicable law.
13. Term and Termination
This DPA is effective when you first use the Services and continues until eLLMo ceases processing Personal Data on your behalf. Sections that by their nature should survive termination (including confidentiality, deletion, liability, and governing law) will survive.
14. Governing Law
This DPA is governed by the same governing law and dispute resolution provisions as the Terms & Conditions, except that where you are established in the European Economic Area or the United Kingdom, nothing in this DPA limits your rights or remedies under Applicable Data Protection Law.
15. Changes to This DPA
We may update this DPA from time to time to reflect changes in our Services, Sub-processors, or legal requirements. When we make material changes:
- We will post the updated DPA on this page
- We will update the "Last updated" date
- We will notify you by email or through the Services where required by law
Continued use of the Services after the effective date of an update constitutes acceptance of the revised DPA, unless Applicable Data Protection Law requires a different process.
16. Contact
For questions about this DPA, Sub-processors, data subject requests, or security incidents:
Email: [email protected]
Website: tryellmo.ai
For GDPR-related inquiries, you may also contact us at the email above with the subject line "Data Protection Inquiry."