Data Processing Agreement

This Data Processing Agreement (“DPA”) forms part of the agreement between you (“Customer”) and Adam Zerella (ABN 30 654 613 086) (“Interop”, “we”, “us”) for the use of the Services. This DPA applies where Interop processes personal data on behalf of Customer as a processor or service provider.

Organization Details

Adam Zerella

Level 30/91 King William St
Adelaide 5000
Australia

Security Contact: [email protected]

Service Overview

The Services provide software for interacting with users, including chat-based functionality. The Services process data submitted by users to provide responses and operate the platform.

Data Categories Processed

We may process the following categories of personal data on behalf of Customer:

  • Names and contact details (if provided by Customer or end users)
  • Content submitted to the Services (e.g., chat input)
  • Device and activity data (e.g., IP address, user agent)

We do not intend to process sensitive information (as defined in the Privacy Act 1988) unless expressly agreed in writing.

Security Standards

We maintain reasonable technical and organizational measures to protect personal data, including:

  • Encryption in transit for data sent to and from the Services
  • Access controls and least-privilege permissions
  • Logging and monitoring for security events
  • Secure configuration and change management

AI-Specific Safeguards

Where AI features are used, outputs are provided as informational assistance only and require human review. We aim to minimize the use of personal data in AI processing and use de-identification where practical.

Privacy Act 1988 (Cth) Compliance

Interop complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). In processing personal information on behalf of Customer, Interop will:

  • Process personal information only on documented instructions from Customer
  • Implement appropriate technical and organizational safeguards
  • Assist with access and correction requests as required by the APPs
  • Take reasonable steps to ensure overseas recipients comply with the APPs before any cross-border disclosure

Access and Correction Rights

Under the Privacy Act 1988 (Cth), Customer and individuals may request access to personal information we hold about them, and may request correction of any inaccurate, out-of-date, incomplete, or misleading information. Requests can be made to [email protected].

Security Incident Response

We will notify Customer without undue delay after becoming aware of a personal data breach affecting Customer data and provide relevant information as reasonably available. We will take prompt steps to contain and mitigate any incident.

Subprocessors

We use third-party service providers for services such as cloud hosting, DNS, and security. We require them to implement appropriate security and confidentiality measures. A current list of subprocessors is available on request at [email protected].

Termination and Return/Deletion

Upon termination of the Services, we will return or delete Customer personal data within a reasonable period unless retention is required by law, dispute resolution or backup integrity obligations.

Contact

Questions about this DPA can be sent to [email protected].

Last Updated: Jan 1, 2026