Legal
AgentFlow Enterprise can provide a DPA template for B2B customers. The template supports controller-processor review, and the final agreement should be reviewed and signed by both parties.
Template - legal review required
The DPA is intended to support controller-processor review for business customers evaluating AgentFlow Enterprise.
This template is provided for business review and should be reviewed by legal counsel before signature.
This page describes implementation and vendor readiness. It is not a SOC 2, ISO 27001, penetration test, or legal compliance certification.
Public business identity
Business review
The DPA template identifies the customer legal entity and AgentFlow Enterprise, operated through Xolo Go OÜ - Ciprian-Stefan Plesca, using the public business identity shown on this page.
Controller / processor
The customer generally acts as controller for its lead, contact, and customer data. AgentFlow Enterprise / Xolo Go OÜ acts as processor where it processes personal data on the customer's behalf, subject to final legal review.
Lead operations
Processing may support B2B lead capture, AI-assisted lead qualification, scoring, workflow routing, dashboard review, billing support, notifications, and configured integration handoffs.
Service term
Processing should continue for the term of the customer relationship or the period defined in the signed agreement, including any reasonable transition, deletion, or return period.
Configured use
The service processes data to operate the SaaS platform, authenticate users, maintain tenant records, qualify and route leads, support billing, and provide customer-requested integrations where configured.
B2B data
Typical categories include names, work email addresses, phone numbers, company details, lead message content, source attribution, qualification notes, AI scoring output, account identifiers, billing references, and support context.
Customer-defined
Data subjects may include customer users, customer prospects, business contacts, leads, representatives, administrators, and support contacts submitted to or generated through the platform.
Implementation controls
Security measures may include encrypted transport, server-side secrets, protected dashboard access, tenant-aware data handling, payment provider delegation, logging controls, environment separation, backup review, and operational monitoring where configured.
Vendor readiness
The active subprocessor list depends on the customer's configuration and enabled features. Customers should review the public subprocessor page and any contract-specific vendor list before signature.
Customer review
Transfers and processing locations depend on infrastructure regions, vendor terms, and account settings. Customers should review each vendor's data processing terms and selected regions before onboarding.
Assistance
AgentFlow Enterprise can support reasonable controller requests to locate, export, correct, restrict, or delete relevant customer data according to the signed agreement and applicable configuration.
Access handling
Personnel and service providers with access to customer data should be bound by confidentiality obligations or equivalent professional duties appropriate to the service.
Incident support
The final DPA should define breach assessment, evidence capture, processor-to-controller communication, remediation support, and cooperation responsibilities without presenting this page as a contractual SLA.
End of service
At termination or upon verified request, customer data should be returned, exported, or deleted according to the signed agreement, legal obligations, and configured retention schedules.
Reasonable review
The template provides a cooperation path for reasonable security and processing review. Any audit scope, timing, confidentiality, and cost terms should be agreed in the final signed DPA.
Signed DPA
Business customers can request a signed DPA through the contact flow. The final agreement should be reviewed and signed by both parties before it is relied on.
Template status
This template is provided for business review and should be reviewed by legal counsel before signature. This is not legal advice.
Signature process
Use the template for business review, then contact the team to confirm customer details, active subprocessors, any customer instructions, and signature requirements.