Data Processing Agreement

Effective from: June 2026 · Between Camile AI (Processor) and Enterprise Customer (Controller)

1. Scope

This DPA governs the processing of personal data by Camile AI Tecnologia LTDA ("Processor") on behalf of the contracting organization ("Controller") under the applicable service agreement. This DPA is incorporated by reference into our Enterprise Terms.

2. Definitions

Terms shall have the meanings defined in LGPD (Lei 13.709/2018): personal data, sensitive data, processing, controller, processor, data subject, ANPD.

3. Processing Details

4. Processor Obligations

5. Subprocessors

Controller authorizes the following subprocessors:

Processor will inform Controller of any intended changes to subprocessors and provide an opportunity to object.

6. Security Measures

7. International Transfers

Data is primarily stored and processed in Brazil. Some subprocessors may process data in other jurisdictions. In such cases, Processor ensures adequate safeguards (Standard Contractual Clauses or equivalent).

8. Audit Rights

Controller may audit Processor's compliance with this DPA once per year, upon 30 days' notice, during business hours, and at Controller's expense. Processor will provide relevant documentation and reports.