DATA PROCESSING AGREEMENT

Last updated July 08, 2025
This Data Processing Agreement ("DPA") forms part of the Terms and Conditions between you ("Customer" or "you") and JANET AI INC ("Janet AI," "we," "us," or "our") and governs the processing of personal data in connection with the Services.

1. DEFINITIONS

For the purposes of this DPA:
  • "Data Protection Laws" means applicable laws and regulations relating to privacy and data protection, including but not limited to the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable state and federal privacy laws.
  • "Personal Data" means any information relating to an identified or identifiable natural person that is processed by Janet AI on behalf of Customer in connection with the Services.
  • "Processing" has the meaning given in applicable Data Protection Laws.
  • "Services" means the Janet AI platform and related services provided under our Terms and Conditions.

2. PROCESSING OF PERSONAL DATA

Scope and Nature of Processing

Janet AI will process Personal Data as a processor on behalf of Customer. The details of processing are as follows:
  • Subject matter: Provision of AI-powered ticket management and analysis services
  • Duration: For the term of the agreement and as required for legal compliance
  • Purpose: To provide the Services, including AI analysis, ticket categorization, relationship detection, and reporting
  • Categories of data: User account information, Jira ticket content, comments, attachments, project metadata, and related business information
  • Categories of data subjects: Customer employees, contractors, and end users

3. CUSTOMER OBLIGATIONS

Customer warrants and undertakes that:
  • It has all necessary rights and consents to provide Personal Data to Janet AI for processing
  • It will comply with all applicable Data Protection Laws in its use of the Services
  • It will implement appropriate technical and organizational measures to ensure data security
  • It will promptly notify Janet AI of any data subject requests or regulatory inquiries

4. JANET AI OBLIGATIONS

Janet AI will:
  • Process Personal Data only in accordance with Customer's documented instructions and this DPA
  • Implement appropriate technical and organizational security measures to protect Personal Data
  • Ensure that personnel authorized to process Personal Data are bound by confidentiality obligations
  • Assist Customer in responding to data subject requests and regulatory inquiries
  • Notify Customer without undue delay of any personal data breach
  • Delete or return Personal Data upon termination of services, unless retention is required by law

5. SECURITY MEASURES

Janet AI implements the following security measures:
  • Encryption of data at rest and in transit
  • Row Level Security (RLS) policies for data isolation
  • Multi-factor authentication and access controls
  • Regular security monitoring and auditing
  • Employee training on data protection and security
  • Incident response procedures

6. SUB-PROCESSORS

Customer acknowledges and agrees that Janet AI may engage sub-processors to assist in providing the Services. Janet AI maintains a current list of sub-processors at tryjanet.ai/sub-processors.All sub-processors are required to:
  • Implement appropriate technical and organizational security measures
  • Process personal data only on documented instructions
  • Maintain confidentiality of personal data
  • Comply with applicable data protection regulations
Janet AI will notify Customer of any changes to sub-processors at least 30 days in advance via email and by updating the sub-processors list.

7. DATA SUBJECT RIGHTS

Janet AI will assist Customer in fulfilling data subject requests, including requests for access, rectification, erasure, restriction of processing, data portability, and objection to processing, taking into account the nature of processing and available information.Data subjects may exercise their rights by:

8. DATA BREACH NOTIFICATION

Janet AI will notify Customer without undue delay after becoming aware of any personal data breach affecting Customer's Personal Data. The notification will include:
  • Description of the nature of the breach
  • Categories and approximate number of data subjects affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach

9. INTERNATIONAL DATA TRANSFERS

Personal Data may be transferred to and processed in the United States and other countries where Janet AI and its sub-processors operate. Janet AI ensures appropriate safeguards are in place for international transfers, including:
  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Other lawful transfer mechanisms as applicable

10. DATA RETENTION AND DELETION

Janet AI will retain Personal Data only for as long as necessary to provide the Services and comply with legal obligations:
  • Active accounts: Personal data retained while account is active
  • Account termination: Personal data deleted within 30 days unless retention required by law
  • Audit logs: Retained for 90 days for security and compliance purposes
  • Backups: Encrypted backups retained for 30 days for disaster recovery

11. AUDITS AND COMPLIANCE

Janet AI will make available to Customer information necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by Customer or an auditor mandated by Customer, subject to reasonable advance notice and confidentiality obligations.Customer may request compliance information by contacting support@tryjanet.ai.

12. LIABILITY AND INDEMNIFICATION

Each party's and all of its affiliates' liability, taken together in the aggregate, arising out of or related to this DPA, and all DPAs between the parties, whether in contract, tort, or under any other theory of liability, is subject to the limitation of liability provisions in the Terms and Conditions.

13. TERM AND TERMINATION

This DPA will remain in effect until termination of the Terms and Conditions or until all Personal Data has been deleted or returned, whichever occurs later. Upon termination, Janet AI will delete or return all Personal Data and delete existing copies unless retention is required by applicable law.

14. GOVERNING LAW

This DPA is governed by the same laws as the Terms and Conditions. In case of conflict between this DPA and the Terms and Conditions, this DPA will prevail with respect to data processing matters.

15. CONTACT INFORMATION

For questions about this DPA or data processing practices, please contact us at:
Email: support@tryjanet.ai
Address:
JANET AI INC
20015 Orchard Meadow Dr
Saratoga, CA 95070
United States