Version 2026.01

Data Processing Addendum

This Data Processing Addendum ("DPA") supplements the PeopleVizio Terms of Service and forms part of the agreement between the customer (the "Controller") and Payvizio Technologies Pvt Ltd ("PeopleVizio", the "Processor") regarding the processing of personal data.

1. Roles and scope

Customer is the Controller; PeopleVizio is the Processor. PeopleVizio processes personal data only on documented instructions from the Controller, including regarding transfers.

2. Sub-processors

PeopleVizio uses sub-processors listed on /legal/subprocessors. We will provide prior notice of changes and the Controller may object in writing.

3. Security

Technical and organisational measures are described in our Security page, including encryption at rest and in transit, access controls, and incident response.

4. International transfers

Where personal data is transferred outside the Controller's region, Standard Contractual Clauses or equivalent safeguards apply.

5. Data subject rights

PeopleVizio will assist the Controller in responding to requests under GDPR, DPDP Act, and other applicable laws, via tooling in the platform or by export request.

6. Breach notification

PeopleVizio will notify the Controller without undue delay, and in any event within 72 hours, after becoming aware of a Personal Data Breach.

7. Audit rights

The Controller may request our current SOC 2 Type II report and ISO 27001 certificate. Onsite audits are available for Enterprise customers under reasonable terms.

8. Deletion and return

Upon termination, PeopleVizio will return or delete all customer personal data within 90 days and provide written confirmation.

9. Liability

Each party's liability under this DPA is subject to the caps and exclusions in the Terms.