Data Processing Agreement

Last Updated: 10 November 2025

This Data Processing Agreement (“DPA”) forms an integral part of the Terms of Use and governs the processing of personal data between:

(1) {{CLIENT_NAME}} (“Data Controller”) — the individual or entity determining the purpose and means of data processing; and (2) Insphire Digi Tech Pvt Ltd, operating as Jurex.AI (“Data Processor”) — providing AI-powered document automation and template-generation services.

This DPA applies whenever the Controller’s personal data is processed through the Jurex.AI platform, website, or related services.

4.1. Purpose and Scope

The purpose of this DPA is to ensure that both parties comply with applicable data protection laws (including the General Data Protection Regulation (GDPR), Singapore PDPA, and other relevant privacy laws) when processing personal data.

Jurex.AI, acting as a Processor, will process personal data solely on behalf of and under the documented instructions of the Controller for the following purposes:

Account setup, authentication, and management

Template creation, customization, and storage

Subscription and billing administration

Technical and customer support

Platform optimization and analytics

Jurex.AI shall not process data for any purpose other than as explicitly documented or as required by law.

4.2. Roles and Responsibilities

Controller Responsibilities:

Ensuring that all personal data provided to Jurex.AI has been lawfully collected and authorized for processing.

Determining the lawful basis of processing under applicable data protection regulations.

Ensuring that individuals whose data is uploaded (e.g., names in contracts) are aware of the processing activities.

Processor Responsibilities:

Processing data only under the Controller’s instructions and in accordance with this DPA.

Implementing and maintaining appropriate security and confidentiality measures.

Assisting the Controller in fulfilling data subject requests and compliance obligations.

Notifying the Controller without undue delay in case of a data breach.

4.3. Types of Data Processed

Depending on the Controller’s usage of the Platform, the following categories of personal data may be processed:

User account details (name, email, contact number)

Payment and subscription data (via secure third-party gateways)

Uploaded information contained within templates or drafts

Usage metadata and technical logs (IP, browser, device identifiers)

Jurex.AI does not intentionally process special categories of data (sensitive data such as health, race, religion, or biometric information). The Controller must ensure such data is not submitted unless absolutely necessary and authorized.

4.4. Sub-Processing

Jurex.AI may engage Sub-Processors to assist in providing the services. These may include hosting, data storage, or analytics providers.

Approved Sub-Processors include (indicative list):

Amazon Web Services (AWS) – Cloud hosting and data storage

Google Cloud Platform (GCP) – AI processing infrastructure

Stripe / PayPal – Secure payment processing

Google Analytics – Aggregated usage analytics

Each Sub-Processor:

Is bound by written confidentiality and data protection agreements, and

Provides equivalent or stronger data protection measures as required under this DPA.

Jurex.AI will maintain an updated list of Sub-Processors and notify the Controller of any material changes.

4.5. Data Security Measures

Jurex.AI implements both technical and organizational safeguards to ensure data integrity and security, including:

Encryption:

Data in transit protected by HTTPS/TLS.

Sensitive data stored using AES-256 encryption.

Access Control:

Limited access for authorized personnel under confidentiality agreements.

Role-based permissions for administrative access.

Monitoring & Vulnerability Management:

Regular security audits, penetration testing, and system patching.

Data Backup & Recovery:

Encrypted backups maintained for service continuity.

Incident Response:

In the event of a confirmed data breach, Jurex.AI will notify the Controller within 72 hours, including details of the breach, affected data, and mitigation actions.

The Controller is responsible for ensuring the security of local devices and user credentials.

4.6. International Data Transfers

If personal data is transferred outside the jurisdiction of origin (e.g., from the EU or Singapore), Jurex.AI ensures:

Transfers occur only to countries recognized as providing adequate protection, or

Appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms.

4.7. Data Subject Rights Assistance

Jurex.AI will assist the Controller, upon request, in responding to data subject requests such as:

Access, correction, deletion, or data portability requests

Restriction of processing or objection requests

Such assistance will be provided to the extent technically feasible and in accordance with applicable law.

4.8. Data Retention, Deletion & Return

Upon termination of the Controller’s account or subscription, or upon the Controller’s written request:

All personal data will be deleted or anonymized within 30 days, unless retention is required by law.

Upon request, Jurex.AI will return a copy of the data in a commonly used, machine-readable format before deletion.

Data backups may remain in encrypted form for disaster recvery but will also be automatically purged in line with retention schedules.

4.9. Confidentiality

All personnel authorized to process data on behalf of Jurex.AI are bound by strict confidentiality obligations and undergo data protection training. No data will be disclosed to third parties without lawful authorization or Controller consent.

4.10. Liability and Indemnification

Each party shall be liable for damages arising from its own acts or omissions that violate data protection obligations.

However, Jurex.AI shall not be liable for:

Misuse or misconfiguration of the Platform by the Controller;

Inaccurate or unauthorized data uploaded by the Controller; or

Breaches caused by third-party services outside its control.

In no event shall Jurex.AI’s total liability exceeds the total subscription fees paid by the Controller in the preceding 12 months.

4.11. Audits and Compliance

Upon reasonable notice, Jurex.AI shall provide relevant documentation to demonstrate compliance with this DPA and applicable data protection laws. Direct audits by the Controller shall be limited to once annually, with reasonable notice and during business hours, unless required by regulatory authorities.

4.12. Governing Law and Jurisdiction

This DPA is governed by the laws of Punjab, India, without regard to conflict of law principles. Any disputes shall be subject to the exclusive jurisdiction of the courts located in Mohali, Punjab, India.

4.13. Contact

For data protection inquiries, breach notifications, or compliance requests, please contact:

📧 Email: support@jurex.ai 🏢 Registered Office: Insphire Digi Tech Pvt Ltd, D270 305A Vista Business Tower, Sector 74, Sahibzada Ajit Singh Nagar, Mohali, Punjab 140307, India 🌐 Website:
📞 Phone (Optional): +91 76528 45628