Data Processing Addendum

Last Updated: March 30, 2026

Purpose and Scope

This Data Processing Addendum, including any appendices referenced herein (the “DPA”), forms part of the Terms of Service, Privacy Policy, or any other written or electronic agreement incorporating this DPA by reference (collectively, the “Agreement”) between Poodle AI Labs Inc. (“Poodle AI,” “we,” “us,” or “our”) and the entity or user identified as the customer in the Agreement (“Customer,” “you,” or “your”) for the purpose of providing the Services (as defined in the Agreement).

In the course of providing the Services to Customer pursuant to the Agreement, Poodle AI may Process Personal Information and Customer Data (each as defined in the Privacy Policy) on behalf of the Customer. This DPA sets forth the terms and conditions that apply when such Personal Information is Processed by Poodle AI on behalf of the Customer and is subject to Applicable Data Protection Laws.

Customer enters into this DPA on behalf of itself and, to the extent required under Applicable Data Protection Laws, in the name and on behalf of its Affiliates authorized to use the Services under the Agreement. Unless otherwise defined herein, capitalized terms used in this DPA shall have the meanings assigned to them in the Agreement or the Privacy Policy.

2. Processing of Personal Information

This DPA applies to the Processing of Personal Information by Poodle AI in its capacity as a Processor or service provider, where such Processing is carried out on behalf of the Customer and is subject to Applicable Data Protection Laws.

The parties acknowledge and agree that, with respect to the Processing of Personal Information:

• The Customer is the Controller (or “business” under applicable laws); and

• Poodle AI is the Processor (or “service provider”) acting on behalf of the Customer.

The subject matter, duration, nature, and purpose of the Processing, as well as the types of Personal Information processed and the categories of data subjects, are described in Appendix 1 to this DPA.

2.1 Customer Responsibilities

Customer shall, in its use of the Services:

(a) Comply with all obligations applicable to it as a Controller under Applicable Data Protection Laws;

(b) Ensure that its instructions to Poodle AI are lawful and consistent with Applicable Data Protection Laws;

(c) Be solely responsible for the accuracy, quality, and legality of the Personal Information and Customer Data submitted to the Services; and

(d) Ensure that it has obtained all necessary rights, consents, and authorizations required to transfer Personal Information to Poodle AI for Processing in accordance with this DPA and the Agreement.

2.2 Customer Instructions

Customer instructs Poodle AI to Process Personal Information for the purpose of providing, maintaining, and improving the Services in accordance with the Agreement, this DPA, and the Privacy Policy.

Poodle AI shall Process Personal Information only on documented instructions from the Customer, including those provided through the Customer’s use of the Services. Poodle AI shall promptly inform Customer if, in its reasonable opinion, an instruction infringes Applicable Data Protection Laws.

2.3 Poodle AI Responsibilities

Poodle AI shall:

(a) Comply with its obligations under Applicable Data Protection Laws in its role as a Processor;

(b) Process Personal Information only in accordance with Customer’s documented instructions; and

(c) Not:

• Sell Personal Information;

• Retain, use, or disclose Personal Information for any purpose other than the purposes set forth in the Agreement and this DPA;

• Process Personal Information outside the direct business relationship between Customer and Poodle AI; or 

• Combine Personal Information with data obtained from other sources, except in each case as permitted by the Agreement or required by Applicable Data Protection Laws.

3. Subprocessors

Customer hereby provides a general authorization for Poodle AI to engage third-party subprocessors (“Subprocessors”) in connection with the provision of the Services.

List of subprocessors:

Name Purpose Location Website
AWS Cloud infrastructure, file storage, database hosting, serverless compute Canada aws.amazon.com
Auth0 User authentication and identity management United States auth0.com
Stripe Payment processing and subscription billing United States stripe.com
Google Gemini AI language model services United States cloud.google.com
LiveKit Real-time video/audio conferencing infrastructure United States livekit.io
Mixpanel Product analytics and user event tracking United States mixpanel.com
Customer.io Email marketing, event-triggered campaigns, CDP United States customer.io
Intercom Customer support and messaging Ireland intercom.com
Cloudinary Image hosting, transformation, and CDN delivery United States cloudinary.com

4. Confidentiality

Poodle AI shall ensure that any personnel authorized to Process Personal Information are subject to appropriate confidentiality obligations, whether contractual or statutory, that survive termination of their engagement.

Poodle AI shall not disclose Personal Information to any governmental authority unless required to do so by applicable law or a valid and binding legal order.

Where legally permitted, Poodle AI shall:

(a) Notify Customer of such request; and

(b) Take reasonable steps to limit the scope of disclosure to the minimum amount of information required.

5. Security Measures

Poodle AI shall maintain a comprehensive information security program designed to protect Personal Information and Customer Data processed in connection with the Services.

Such program is designed to align with industry-recognized security and data protection standards, including the SOC 2 framework, the ISO/IEC 27000 series of standards, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other substantially similar frameworks, as applicable to the nature and scope of the Services.

Poodle AI shall implement and maintain appropriate technical and organizational measures to protect Personal Information against Security Incidents and to preserve the confidentiality, integrity, availability, and resilience of its systems and services.

Such measures shall include, as appropriate:

(a) The encryption of Personal Information in transit and, where applicable, at rest; 

(b) The implementation of access controls and authentication mechanisms to restrict access to authorized personnel;

(c) The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;

(d) The ability to restore the availability of and access to Personal Information in a timely manner in the event of a physical or technical incident; and

(e) A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing.

Poodle AI may update or modify such security measures from time to time, provided that such updates and modifications do not materially decrease the overall level of security of the Services.

6. Security Incident Management

In the event that Poodle AI becomes aware of a Security Incident affecting Personal Information, Poodle AI shall take reasonable steps to contain, investigate, and remediate the incident, and notify Customer without undue delay where required by Applicable Data Protection Laws.

Any such notification shall not be construed as an admission of fault or liability.

7. Data Subject Rights

To the extent required by Applicable Data Protection Laws, Poodle AI shall provide commercially reasonable assistance to Customer in responding to requests from data subjects exercising their rights under applicable law, taking into account the nature of the Processing and the information available to Poodle AI.

8. International Data Transfers

Customer acknowledges and agrees that Poodle AI may transfer and Process Personal Information outside of the Customer’s country of residence as necessary to provide the Services, including in Canada, the United States, and other jurisdictions where Poodle AI, its Affiliates, and Subprocessors maintain data processing operations.

Poodle AI shall take all measures reasonably necessary to ensure that such transfers are made in compliance with Applicable Data Protection Laws, including, where applicable, laws governing cross-border data transfers.

To the extent that Personal Information originating from the European Economic Area, the United Kingdom, or other jurisdictions with data transfer restrictions is Processed by Poodle AI, Poodle AI shall implement appropriate safeguards designed to ensure an adequate level of protection for such Personal Information in accordance with Applicable Data Protection Laws.

Customer acknowledges that Personal Information may be Processed in Canada, a jurisdiction that, in certain circumstances, has been recognized as providing an adequate level of protection for Personal Information under applicable European Data Protection Laws.

9. Return and Deletion of Data

Poodle AI retains Personal Information and Customer Data only for as long as necessary to provide the Services, fulfill its obligations under the Agreement, comply with applicable legal requirements, resolve disputes, enforce its agreements, and maintain the security and integrity of the platform.

Upon termination or expiration of the Services, or upon Customer’s written request, Poodle AI will take commercially reasonable steps to delete or anonymize Personal Information and Customer Data within a reasonable timeframe, in accordance with its data retention practices. Poodle AI may retain certain information where required to comply with applicable laws, regulations, or legal processes, or where necessary to resolve disputes, enforce agreements, or maintain the security, integrity, and proper functioning of the Services.

10. General

This DPA forms part of and is incorporated into the Agreement. Except as expressly modified herein, the Agreement shall remain in full force and effect. In the event of a conflict between this DPA and the Agreement, this DPA shall prevail with respect to the subject matter herein.

The liability of each party under this DPA shall be subject to the limitations of liability set forth in the Agreement.

This DPA shall remain in effect for the duration of the Agreement and for as long as Poodle AI Processes Personal Information on behalf of the Customer.

We may update this Data Processing Addendum to reflect changes in law, technology, or business operations. Material changes will be communicated via email, platform notices, or website announcements. Continued use after updates constitutes acceptance.

11. Contact Us

For privacy inquiries, data requests, or to exercise your rights, please contact:

Poodle AI Labs Inc.
📧 Email: support@pitchpoodle.com
🌐 Website: www.pitchpoodle.com

Appendix 1

Subject Matter: Provision of AI-powered training, simulation, and roleplay services.

Duration: For the duration of the Agreement and as otherwise required for legitimate business or legal purposes.

Nature and Purpose: Processing necessary to provide, operate, maintain, and improve the Services.

Categories of Data Subjects: Users of the Services, including employees, contractors, and representatives of the Customer.

Types of Personal Information:

• Account information (name, email, role, etc)

• Usage and interaction data

• User Content and simulation inputs/outputs

💡 Want to learn more about us?

Visit our FAQs

Related Links

Terms of Service

Privacy Policy

Cookies Policy

Pricing

Contact Us

Train better, faster

Practice real sales conversations with adaptive AI buyers. Train cold calls, discovery meetings, product demos, and objections.

Product
AI SimulationsPersonalized InsightsPerformance AnalyticsTeam ReportsTraining Plans
Resources
Technical RequirementsFAQsBlogMetrics LibraryContact Us
Company
Request a DemoCareersPricingROI Calculator
Copyright © 2026 Poodle AI Labs
Privacy
Terms