Data Processing Agreement.

In the context of this agreement, the Customer acts as the Data Controller (the entity that decides why and how data is collected from their callers). Syntax Voice LLC acts as the Data Processor (the infrastructure that executes the routing and inference on behalf of the Controller). We process PII only in accordance with the Controller's documented instructions via the Syntax Flow dashboard.

The nature of the processing includes the ingestion of voice audio, text messages, caller ID (phone numbers), and transcribed session text. The purpose of this processing is strictly limited to providing the Syntax Voice routing, intent recognition, and human-escalation services. Syntax Voice will never process this data for its own commercial benefit, advertising, or profiling purposes.

Syntax Voice engages third-party sub-processors (such as AWS for compute, and secure LLM APIs for inference) to maintain our sub-800ms latency and high-availability edge network. All LLM sub-processors are legally bound by Zero-Data Retention agreements; they are prohibited from using Customer data to train foundational models. Syntax Voice will provide 30 days' written notice via the workspace dashboard before authorizing any new sub-processor that handles PII.

Syntax Voice implements and maintains rigorous technical and organizational measures to protect PII against unauthorized access, accidental loss, or destruction. This includes AES-256 encryption at rest, TLS 1.3 for all data in transit, and strict role-based access controls (RBAC) for our Syntax Specialists. Customers operating on the Pro and Agency tiers may request access to our annual SOC 2 Type II audit report to verify these controls.

In the event of a confirmed Security Incident resulting in the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of Customer PII, Syntax Voice will notify the Customer's designated Workspace Administrator without undue delay, and in any event within 72 hours of becoming aware of the breach. We will provide all necessary telemetry and cooperation to assist the Customer in fulfilling their own regulatory reporting obligations.

Upon termination of the Master Subscription Agreement, or upon explicit request by the Data Controller via the dashboard, Syntax Voice will systematically delete all Customer PII, including call logs, audio files, and transcripts, from our active production systems. Encrypted backup volumes are automatically cycled and purged within 30 days of the deletion request.