Data Processing Addendum

LAST UPDATED: June 26, 2025

This Data Processing Addendum (“DPA”) forms an integral part of the Master SaaS and Service Agreement (“MSSA”) or the Terms of Service (“ToS”), as applicable (each, the “Main Agreement”), entered into between:

SNOHBRICKS TECHNOLOGY PRIVATE LIMITED (“Snohai,” “Processor,” or “We”) and THE CUSTOMER (“Data Fiduciary,” or “You”).

This DPA applies to the processing of Personal Data by Snohai on behalf of the Data Fiduciary in connection with the provision of the Snohai Products (including Snoh Docs, Snoh Ava, and Snoh Fusion) under the Main Agreement. This DPA reflects the Parties’ agreement regarding the processing of Personal Data in accordance with the Digital Personal Data Protection Act, 2023 (“DPDPA”) and other applicable data protection laws.

1. DEFINITIONS

Capitalized terms not otherwise defined in this DPA shall have the meaning given to them in the Main Agreement. In addition, the following definitions apply:

  • “Data Fiduciary” has the meaning ascribed to it under the DPDPA; typically, the entity (You) that determines the purpose and means of the processing of Personal Data.
  • “Data Principal” has the meaning ascribed to it under the DPDPA; the individual to whom the Personal Data relates.
  • “Data Protection Laws” means all applicable laws and regulations relating to the processing of Personal Data, including but not limited to the DPDPA.
  • “Data Processor” has the meaning ascribed to it under the DPDPA; typically, the entity (Snohai) that processes Personal Data on behalf of the Data Fiduciary.
  • “Personal Data” has the meaning ascribed to it under the DPDPA; data about an individual who is identifiable by or in relation to such data.
  • “Processing,” “Process,” “Processes” has the meaning ascribed to it under the DPDPA; a broadly defined set of operations performed on Personal Data.
  • “Security Incident” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed by Snohai in connection with the provision of the Snohai Products.
  • “Sub-Processor” means any third party engaged by Snohai to process Personal Data on behalf of Snohai in connection with the provision of the Snohai Products.

2. ROLES OF THE PARTIES

2.1. Data Fiduciary: The Parties acknowledge and agree that, for the purposes of the Data Protection Laws, the Data Fiduciary is the Data Fiduciary and Snohai is the Data Processor with respect to the Personal Data processed under this DPA.

2.2. Data Fiduciary Responsibilities: The Data Fiduciary shall:

a. Comply with all Data Protection Laws in its collection, use, and transfer of Personal Data, including having a lawful basis for Processing Personal Data and for providing it to Snohai.

b. Be responsible for the accuracy, quality, and legality of the Personal Data and the means by which it acquired the Personal Data.

c. Ensure that all necessary consents, notices, and approvals (if any) are obtained from Data Principals for the Processing of their Personal Data by Snohai in accordance with this DPA and the Main Agreement.

d. Be responsible for responding to Data Principal requests regarding their rights under Data Protection Laws, unless otherwise agreed herein.

2.3. Data Processor Responsibilities: Snohai shall Process Personal Data only on the documented instructions of the Data Fiduciary, unless required to do so by applicable law. In such a case, Snohai shall inform the Data Fiduciary of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest.

3. DETAILS OF PROCESSING

3.1. Subject-matter of the Processing: The provision of the Snohai Products by Snohai to the Data Fiduciary as described in the Main Agreement.

3.2. Duration of the Processing: For the term of the Main Agreement, unless otherwise specified in this DPA or the Main Agreement. Snohai will retain Personal Data for the period necessary to fulfill the purposes outlined in Snohai’s Privacy Policy, or as required by law, and will delete or anonymize it thereafter in accordance with its data retention policy.

3.3. Nature and Purpose of the Processing: Processing Personal Data for the purpose of providing, maintaining, supporting, and improving the Snohai Products, including:

  • Storing and managing Client Data.
  • Performing intelligent document processing (Snoh Fusion).
  • Providing data insights and analytics (Snoh Ava).
  • Enabling document management functionalities (Snoh Docs).
  • Operating and improving Generative AI features, including training and refining AI models using aggregated, anonymized, or de-identified data.
  • Technical support, troubleshooting, and service delivery. 

3.4. Type of Personal Data: Data Fiduciary may submit various types of Personal Data to the Snohai Products, including but not limited to:

  • Identity Data (e.g., names, usernames, job titles)
  • Contact Data (e.g., email addresses, phone numbers, addresses)
  • Content of documents, text, images, and other materials uploaded by Data Fiduciary or its users (which may contain various categories of Personal Data depending on the Data Fiduciary’s use of the Services).

3.5. Categories of Data Principals: Data Principals are individuals whose Personal Data is contained within the Client Data provided by the Data Fiduciary, which may include Data Fiduciary’s employees, customers, clients, vendors, partners, or other individuals.

4. DATA PROCESSOR OBLIGATIONS

4.1. Instructions: Snohai will Process Personal Data solely in accordance with the Data Fiduciary’s documented instructions, which are constituted by the Main Agreement, this DPA, and any specific instructions provided by the Data Fiduciary through the functionality of the Snohai Products.

4.2. Confidentiality: Snohai shall ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

4.3. Security Measures: Snohai shall implement and maintain reasonable technical and organizational security measures designed to protect the security, confidentiality, and integrity of Personal Data against unauthorized access, disclosure, alteration, or destruction, in accordance with industry standards and the DPDPA. These measures are described generally in Snohai’s Privacy Policy and may be detailed further upon request (subject to confidentiality obligations).

4.4. Security Incident Notification: Snohai will notify the Data Fiduciary without undue delay upon becoming aware of a Security Incident affecting Personal Data Processed under this DPA. Snohai will provide reasonable assistance to the Data Fiduciary concerning any data breach notification to the Data Protection Board of India or affected Data Principals, considering the nature of processing and the information available to Snohai.

4.5. Assistance with Data Principal Rights: Taking into account the nature of the Processing, Snohai will assist the Data Fiduciary by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Data Fiduciary’s obligation to respond to requests for exercising Data Principal rights under Data Protection Laws.

4.6. Assistance with Data Protection Impact Assessments (DPIAs): Snohai will, to the extent required by Data Protection Laws and considering the nature of the Processing and the information available to Snohai, provide reasonable assistance to the Data Fiduciary with regard to any data protection impact assessments and prior consultations with the Data Protection Board of India or other supervisory authority.

4.7. Deletion or Return of Personal Data: Upon termination or expiration of the Main Agreement, Snohai will, at the Data Fiduciary’s option (exercised by written notice), delete or return all Personal Data to the Data Fiduciary, unless otherwise required by law to store the Personal Data. Snohai will delete existing copies of Personal Data unless Data Protection Laws require storage.

4.8. Audits: Snohai will make available to the Data Fiduciary all information necessary to demonstrate compliance with the obligations laid down in this DPA and Data Protection Laws and allow for and contribute to audits, including inspections, conducted by the Data Fiduciary or another auditor mandated by the Data Fiduciary, provided that: 

a. Such audits shall be conducted no more than once per year, during normal business hours, with reasonable prior written notice to Snohai.

b. The Data Fiduciary bears all costs associated with such audits.

c. The auditor is bound by confidentiality obligations.

d. The audit does not unreasonably interfere with Snohai’s business operations.

5. SUB-PROCESSORS

5.1. Appointment of Sub-Processors: The Data Fiduciary generally authorizes Snohai to engage Sub-Processors for the Processing of Personal Data. Snohai shall inform the Data Fiduciary of any intended changes concerning the addition or replacement of Sub-Processors, thereby giving the Data Fiduciary the opportunity to object to such changes on reasonable grounds.

5.2. Sub-Processor Obligations: Where Snohai engages a Sub-Processor, Snohai will impose on that Sub-Processor data protection obligations that are no less protective than those set out in this DPA. Snohai remains fully responsible to the Data Fiduciary for the performance of that Sub-Processor’s obligations.

6. INTERNATIONAL DATA TRANSFERS

Snohai endeavors to host Personal Data within data centers located in India for Indian users. However, the Data Fiduciary acknowledges that, for operational purposes, some Processing activities or the use of certain Snohai Product components may involve international transfers of Personal Data outside of India. Snohai will ensure that any such international transfers comply with Data Protection Laws by implementing appropriate safeguards, such as standard contractual clauses or ensuring the recipient country has an adequate level of data protection.

7. GENERAL PROVISIONS

7.1. This DPA shall be governed by and construed in accordance with the laws of India.

7.2. In the event of a conflict between the terms of this DPA and the Main Agreement regarding the processing of Personal Data, the terms of this DPA shall prevail.

7.3. This DPA constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior discussions and agreements.

7.4. Any amendments to this DPA must be in writing and signed by both Parties.
