Sign in
Start Free Trial
breadcrumb image

Data Processing Agreement (DPA)

FlowSendr > Data Processing Agreement (DPA)

Last Updated: 15-11-2025

This Data Processing Agreement (“DPA”) forms part of the Terms of Service or any other Service Agreement (“Main Agreement”) between:

AIMRech Private Limited (FlowSendr)
“Processor” or “Service Provider”
Navi Mumbai, Maharashtra, India
Email: support@flowsendr.com

and

You, the client or organisation using FlowSendr Services
“Controller” or “Customer”

This DPA governs how FlowSendr processes Personal Data on behalf of the Customer in compliance with applicable data protection laws, including GDPR, CCPA, Indian IT Act, and any other relevant legislation.

1. Definitions

  • “Personal Data” – Any information relating to an identified or identifiable individual.
  • “Controller” – The entity that determines the purpose and means of processing Personal Data (the Customer).
  • “Processor” – The entity that processes Personal Data on behalf of the Controller (FlowSendr/AIMRech Pvt. Ltd.).
  • “Processing” – Any operation performed on Personal Data (collection, storage, access, transmission, deletion).
  • “Sub-Processor” – Third parties engaged by FlowSendr to process data on behalf of the Customer.

2. Purpose of Processing

FlowSendr processes Customer Data solely for:

  • ✔ Providing communication services (e.g., WhatsApp Messaging, Automation, Campaigns)
  • ✔ Managing user accounts, billing, and technical support
  • ✔ Ensuring security, backup, analytics, and service optimisation
  • ❌ Personal Data is never sold or rented.

3. Roles & Responsibilities

3.1 Controller (Customer) Agrees To:

  • Provide Personal Data lawfully and responsibly
  • Ensure users have given clear consent where required
  • Use data only in compliance with laws and WhatsApp policies

3.2 Processor (FlowSendr) Agrees To:

  • Process Personal Data only under documented instructions from the Controller
  • Keep Personal Data confidential and secure
  • Assist the Controller in fulfilling data subject rights (access, correction, deletion)

4. Sub-Processors

FlowSendr uses trusted third-party tools like:

  • WhatsApp Business API Providers / Meta
  • Cloud Hosting Providers (AWS, Google Cloud, etc.)
  • Payment Gateways (Razorpay, Stripe, PayPal, etc.)
  • Analytics Tools (Google Analytics, Meta Pixel, etc.)

FlowSendr ensures all Sub-Processors comply with data protection obligations. A full list of Sub-Processors can be provided upon request.

5. Data Security Measures

FlowSendr implements appropriate technical and organisational measures, including:

  • Data encryption (in transit & at rest)
  • Secure access controls & authentication
  • Regular backups and incident monitoring
  • Limited employee access on a need-to-know basis

6. International Data Transfers

  • Personal Data may be transferred to or stored in data centres located outside the Customer’s country.
  • Such transfers will follow GDPR-approved mechanisms such as Standard Contractual Clauses (SCCs) or equivalent safeguards.

7. Data Breach Notification

In case of a Personal Data breach, FlowSendr will:

  • Notify the Customer without undue delay
  • Provide details of the breach, risk assessment, and mitigation actions
  • Fully cooperate until the issue is resolved

8. Data Subject Rights Assistance

FlowSendr will assist the Customer in handling requests related to:

  • Data access, correction, deletion (“Right to be Forgotten”)
  • Data portability, restriction, or objection to processing
  • Consent withdrawal (where applicable)

9. Data Retention & Deletion

  • FlowSendr retains Personal Data only as long as required for service delivery or legal obligations.
  • Upon request or contract termination, data will be securely deleted or anonymised, unless the law requires longer retention.

10. Audit & Compliance

  • The Customer may request documentation or security reports to verify compliance.
  • Physical audits may be allowed under reasonable notice and mutual agreement.

11. Liability & Governing Law

  • Liability terms follow those in the Main Agreement (Terms of Service).
  • This DPA is governed by the laws of India, with jurisdiction in Mumbai, Maharashtra.

12. Term & Termination

  • This DPA remains effective as long as FlowSendr processes data on behalf of the Customer.
  • Upon termination, FlowSendr will delete or return all Customer Data unless legally required to retain it.

13. Contact Information

For data protection inquiries: