Terms and Conditions
Last Updated: July 13, 2026
Please read these terms carefully. They govern your access to and use of the AskEnola Platform.
These Terms of Service ("Terms") constitute a binding agreement between AskEnola, Inc., a Delaware corporation with its principal place of business at 74 E. Glenwood Avenue, Unit 5130, Smyrna, Delaware 19977 ("AskEnola," "we," "us," or "our"), and the entity or individual accessing or using the AskEnola Platform ("Customer," "you," or "your"). By checking the box marked "I agree to the Terms of Service," creating an account, selecting a Plan, or otherwise accessing or using the AskEnola Platform, you accept and agree to be bound by these Terms. If you do not agree to these Terms, you must not access or use the AskEnola Platform.
Table of contents
- Section 1: Acceptance of These Terms
- Section 2: Definitions
- Section 3: Subscription and Access
- Section 4: Our Obligations
- Section 5: Customer Data and Privacy
- Section 6: Intellectual Property
- Section 7: Fees, Billing, and Cancellation
- Section 8: Confidentiality
- Section 9: Warranties and Disclaimers
- Section 10: Limitation of Liability
- Section 11: Indemnification
- Section 12: Term and Termination
- Section 13: General Provisions
- Section 14: Changes to These Terms
- Appendix A: Support Terms
- Appendix B: Data Processing Addendum
Section 1: Acceptance of These Terms
1.1. Agreement to Terms.
These Terms of Service (these "Terms") constitute a binding agreement between AskEnola, Inc., a Delaware corporation with its principal place of business at 74 E. Glenwood Avenue, Unit 5130, Smyrna, Delaware 19977 ("AskEnola," "we," "us," or "our"), and the entity or individual accessing or using the AskEnola Platform ("Customer," "you," or "your"). By checking the box marked "I agree to the Terms of Service," creating an account, selecting a Plan, or otherwise accessing or using the AskEnola Platform, you accept and agree to be bound by these Terms. If you do not agree to these Terms, you must not access or use the AskEnola Platform.
1.2. Effective Date.
These Terms become effective between AskEnola and Customer on the date Customer first accepts them as described in Section 1.1 (the "Effective Date"). The "Last Updated" date above refers to the most recent version of these Terms generally, not to any individual Customer's Effective Date.
1.3. Authority.
If you are accepting these Terms on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that entity, in which case "Customer," "you," and "your" refer to that entity. You must be at least 18 years old and authorized to enter into contracts on behalf of your organization.
1.4. Order of Precedence.
If Customer and AskEnola have separately executed a signed Master Subscription Agreement, Order Form, or similar written agreement that expressly references or supersedes these Terms, the terms of that signed agreement will govern with respect to the subject matter it covers, and these Terms will govern all other matters not addressed in that signed agreement.
Section 2: Definitions
- "AskEnola Platform" means the hosted, cloud-delivered AI analytics software service provided by AskEnola, including the BADIR™ Framework, ADC™ (Automatic Data Cataloger), all associated interfaces, APIs, models, algorithms, and Documentation, as described on AskEnola's pricing and product pages and applicable to the Plan selected by Customer.
- "BADIR™ Framework" means AskEnola's proprietary Business Analytics and Decision Intelligence with Reasoning methodology and associated software engine, which structures and powers the analytical reasoning capabilities of the AskEnola Platform. BADIR™ is a trademark and proprietary intellectual property of AskEnola, Inc.
- "ADC™" means AskEnola's proprietary Automatic Data Cataloger technology, which automatically discovers, classifies, and catalogs Customer's data assets to enable the AskEnola Platform's analytics capabilities. ADC™ is the proprietary intellectual property of AskEnola, Inc.
- "Authorized Users" means Customer's employees, contractors, and consultants who are authorized by Customer to access the AskEnola Platform under these Terms and who have been issued unique login credentials.
- "Customer Data" means all data, content, records, files, prompts, inputs, outputs, Personal Data, and other information uploaded, submitted, or otherwise made available by Customer or its Authorized Users through the AskEnola Platform.
- "Documentation" means all user guides, technical manuals, API documentation, and help resources made available by AskEnola describing the features and use of the AskEnola Platform.
- "Plan" means the specific subscription tier (for example, AI Analyst or CFO Package), Authorized User seat count, fees, and billing cycle selected by Customer at sign-up or through Customer's account settings, as confirmed in Customer's order confirmation, invoice, or account dashboard.
- "Subscription Fees" means the recurring fees payable by Customer for access to the AskEnola Platform as specified in Customer's Plan.
- "Subscription Term" means the period during which Customer is authorized to access the AskEnola Platform under its Plan, as described in Section 12 (Term and Termination).
- "Usage Data" means aggregated and anonymized technical data collected by AskEnola regarding platform performance, feature usage statistics, error logs, and system metrics, which does not include Customer Data or any data that identifies Customer or its users.
- "Output" means any report, analysis, recommendation, visualization, or other result generated by the AskEnola Platform in response to Customer's queries or data inputs.
- "Personal Data" means any information relating to an identified or identifiable natural person, or any equivalent term such as "personal information" under applicable Data Protection Laws.
- "Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data transmitted, stored, or otherwise Processed by AskEnola.
- "Subprocessor" means any third party engaged by AskEnola or its affiliates to Process Customer Personal Data on AskEnola's behalf in connection with the provision of the AskEnola Platform.
Section 3: Subscription and Access
3.1. Subscription Grant.
Subject to Customer's compliance with these Terms and timely payment of all Subscription Fees, AskEnola grants Customer a non-exclusive, non-transferable, non-sublicensable right to access and use the AskEnola Platform during the Subscription Term solely for Customer's internal business purposes and in accordance with the Documentation and Customer's Plan.
3.2. Authorized Users.
Customer may permit only its Authorized Users to access the AskEnola Platform. The number of Authorized Users shall not exceed the seat count specified in Customer's Plan. Customer shall not share login credentials between users or allow any single set of credentials to be used by more than one individual.
3.3. Seat Expansion.
If Customer wishes to add Authorized Users beyond the licensed seat count, Customer may do so through its account settings or by notifying AskEnola. Additional seats shall be added at the then-current per-seat rate. AskEnola may conduct a periodic true-up review and invoice Customer for any over-use of seats during the prior billing period.
3.4. Restrictions.
Customer shall not, and shall ensure that its Authorized Users do not:
- copy, modify, adapt, translate, or create derivative works of the AskEnola Platform or any of its components;
- reverse engineer, decompile, disassemble, decrypt, or attempt to derive the source code, underlying algorithms, models, logic, structure, or architecture of the AskEnola Platform, the BADIR™ Framework, or the ADC™ technology, or any component thereof, by any means whatsoever, including by observing platform outputs and behavior over time, using automated tools to probe the platform's responses, using Outputs to build, train, or fine-tune any competing model or system, or using any other method of extracting, inferring, or reconstructing AskEnola's proprietary methodologies;
- access the AskEnola Platform to build or benchmark a competing product or service;
- use the Outputs to train, fine-tune, or improve any artificial intelligence or machine learning model, system, or service that is not operated by AskEnola;
- sublicense, sell, resell, transfer, assign, or otherwise make the AskEnola Platform available to any third party;
- remove or obscure any proprietary notices, trademarks, or branding on the AskEnola Platform;
- use the AskEnola Platform in violation of any applicable law or regulation;
- upload or submit any Customer Data that infringes the intellectual property rights or privacy rights of any third party; or
- upload or submit any Customer Data unless Customer has all rights, consents, permissions, and other legal bases necessary for AskEnola to Process such Customer Data in accordance with these Terms, including Appendix B.
3.5. Acceptable Use.
Customer acknowledges that Outputs generated by the AskEnola Platform are AI-generated and advisory in nature. Customer shall not use Outputs as the sole basis for any material business, financial, legal, medical, or other decision without appropriate human review and oversight. AskEnola shall bear no liability for Customer's reliance on Outputs without such review.
Section 4: Our Obligations
4.1. Service Availability.
AskEnola shall use commercially reasonable efforts to make the AskEnola Platform available with a target monthly uptime of 99.0% in any given calendar month, excluding (a) scheduled maintenance windows; (b) emergency maintenance; (c) any unavailability caused by circumstances outside AskEnola's reasonable control; (d) factors attributable to Customer's equipment, software, network, or connectivity, or to third-party systems or services; and (e) suspension or termination of access in accordance with these Terms. The uptime figure is a target and not a guarantee.
4.2. Service Credits.
If AskEnola fails to meet the uptime commitment in Section 4.1, Customer's sole remedy shall be a service credit equal to the amounts below. Service credits shall be applied to Customer's next invoice, are Customer's exclusive remedy for downtime, and shall not exceed one month's Subscription Fees in any calendar month. To request a service credit, Customer must submit a written request within 30 days of the end of the calendar month in which the downtime occurred.
| Monthly Uptime | Service Credit |
|---|---|
| 98.0% – 98.99% | 5% of monthly Subscription Fee |
| 95.0% – 97.99% | 10% of monthly Subscription Fee |
| Below 95.0% | 15% of monthly Subscription Fee |
4.3. Security.
AskEnola shall implement and maintain administrative, technical, and physical security measures designed to protect Customer Data against unauthorized access, disclosure, alteration, or destruction, consistent with the specific measures described in Sections 4.4 through 4.6 and with Appendix B. Such measures include access controls and authentication mechanisms for AskEnola personnel; logical segregation of customer data; vulnerability management; security monitoring; periodic penetration testing or third-party security assessment; and incident response procedures.
4.4. Infrastructure and Hosting Location.
The AskEnola Platform and all Customer Data are hosted on Microsoft Azure. Primary application infrastructure and Customer Data reside in the Azure East US 2 region (Virginia, USA). AskEnola shall notify Customer of any change to the primary hosting region through the mechanisms described in Section 5.5.
4.5. Encryption.
Customer Data at rest is encrypted using AES-256 via Azure SQL Transparent Data Encryption (TDE). Customer Data in transit is encrypted using TLS 1.2 or TLS 1.3. These encryption standards apply to the AskEnola Platform's primary data store and do not supersede any additional encryption controls AskEnola may apply to specific components or Subprocessors.
4.6. Backups and Data Recovery.
AskEnola maintains automated Point-in-Time Restore (PITR) backups of Customer Data through Azure SQL Database, retained on a rolling 7-day basis. Long-Term Retention (LTR) backups are not currently enabled. Customer acknowledges that the 7-day PITR window governs AskEnola's ability to restore Customer Data following data loss or corruption, and that this backup retention period operates independently of, and is shorter than, the post-termination deletion timeline described in Section 5.6.
4.7. Security Incident Notice.
AskEnola shall notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Customer Personal Data and, in any event, no later than seventy-two (72) hours after AskEnola becomes aware of such Personal Data Breach. To the extent known at the time, AskEnola's notice shall include the nature of the Personal Data Breach, the categories of affected Personal Data and Data Subjects, the likely consequences of the Personal Data Breach, the measures taken or proposed to address the Personal Data Breach, and a contact point for follow-up information. If all relevant information cannot be provided at the same time, AskEnola may provide information in phases without undue delay as such information becomes available. Notification under this Section does not constitute an admission of fault or liability.
4.8. Updates.
AskEnola shall provide Customer with Updates (bug fixes, patches, minor enhancements) to the AskEnola Platform at no additional charge during the Subscription Term. Upgrades (major new versions) may be provided at an additional fee as reflected in Customer's Plan.
4.9. Support.
AskEnola shall provide technical support as described in Appendix A (Support Terms). Support is limited to the AskEnola Platform application layer and does not include Customer's internal systems, networks, databases, or infrastructure.
Section 5: Customer Data and Privacy
5.1. Ownership of Customer Data.
As between the parties, Customer retains all right, title, and interest in and to Customer Data. AskEnola acquires no ownership rights in Customer Data by virtue of these Terms.
5.2. License to Customer Data.
Customer hereby grants AskEnola a limited, non-exclusive license to access, host, process, transmit, display, and use Customer Data solely to the extent necessary to provide, secure, maintain, support, and improve the AskEnola Platform and associated services under these Terms, and as otherwise permitted by Appendix B.
5.3. No Use for Training.
AskEnola shall not use Customer Data or Customer Personal Data to train, fine-tune, retrain, or otherwise improve AskEnola's general-purpose AI models, algorithms, or the BADIR™ Framework without Customer's prior written consent. AskEnola may use aggregated and de-identified Usage Data for platform improvement purposes, provided that such Usage Data cannot reasonably be used to identify Customer, any Authorized User, or any natural person.
5.4. DPA and Privacy Policy.
To the extent AskEnola Processes any Personal Data on behalf of Customer, the terms of AskEnola's Data Processing Agreement, attached as Appendix B, are incorporated into and form part of these Terms. In the event of any conflict between Appendix B and these Terms with respect to Personal Data, Appendix B shall govern. AskEnola's Privacy Policy governs Personal Data AskEnola processes as a controller for its own business purposes, while Appendix B governs AskEnola's Processing of Customer Personal Data on Customer's behalf.
5.5. Subprocessors.
Customer authorizes AskEnola to use affiliates and third-party service providers as Subprocessors in connection with the provision of the AskEnola Platform, including providers of hosting, infrastructure, storage, analytics, customer support, communications, security, and artificial intelligence functionality, provided that AskEnola remains responsible for its obligations under these Terms and Appendix B to the extent required by applicable law. Without limiting the foregoing, Customer acknowledges and agrees that AskEnola may use Microsoft Azure (including Azure OpenAI) as a Subprocessor or subprocessed service component in connection with the provision of the AskEnola Platform, subject to applicable contractual, technical, and security controls. AskEnola shall impose written confidentiality, security, and data protection obligations on Subprocessors that are no less protective than the obligations applicable to AskEnola under these Terms and Appendix B, to the extent applicable to the nature of the services performed by each such Subprocessor. AskEnola shall maintain a current list of material Subprocessors and shall make such list available through a trust center, website posting, customer notice mechanism, or upon reasonable written request.
5.6. Data Retention and Return.
Upon expiration or termination of these Terms, AskEnola shall, at Customer's written request made within 30 days of termination: (a) provide Customer with a copy of Customer Data in a commercially standard format (e.g., CSV, JSON, or other mutually agreed format); and (b) securely delete all Customer Data from AskEnola's systems within 60 days of such request, and provide written certification of deletion upon Customer's request. After the 60-day period, AskEnola shall have no obligation to retain or provide Customer Data, except to the extent retention is required by applicable law or ordinary backup retention processes described in Section 4.6, in which case such retained data shall remain protected in accordance with these Terms and Appendix B until it ages out of the 7-day PITR window.
5.7. Customer Responsibilities for Data.
Customer represents, warrants, and covenants that: (a) it has all rights, consents, authorizations, and other legal bases necessary to provide Customer Data to AskEnola and permit AskEnola to Process Customer Data as contemplated by these Terms; (b) Customer's submission and use of Customer Data through the AskEnola Platform will not violate any applicable law or third-party right; and (c) Customer will not submit special category data, protected health information, payment card data, or other highly sensitive data to the AskEnola Platform unless expressly authorized by AskEnola in writing and covered by any additional required contractual terms.
Section 6: Intellectual Property
6.1. AskEnola IP.
Customer acknowledges and agrees that AskEnola retains all right, title, and interest in and to the AskEnola Platform and all components thereof; the BADIR™ Framework; the ADC™ technology; all AskEnola trademarks, service marks, trade names, logos, and branding; and all intellectual property rights in any improvements, modifications, or derivative works of the AskEnola Platform, BADIR™ Framework, or ADC™ technology, including improvements inspired by or arising from Customer's use of the platform.
6.2. Feedback.
If Customer provides AskEnola with any feedback, suggestions, ideas, or recommendations regarding the AskEnola Platform, Customer hereby assigns to AskEnola all right, title, and interest in such feedback, and AskEnola may use such feedback without restriction or compensation to Customer.
6.3. Output Ownership.
Outputs generated by the AskEnola Platform in response to Customer's queries are delivered to Customer for Customer's internal business use. Customer owns the specific Output content it receives, subject to Section 3.4 and Section 6.1. AskEnola retains all rights in the underlying platform, models, methodologies, prompts, reasoning structures, and technologies used to generate Outputs.
6.4. No Implied License.
No rights are granted to Customer except as expressly set forth in these Terms. All rights not expressly granted are reserved to AskEnola.
Section 7: Fees, Billing, and Cancellation
Sections 7.1 through 7.7, covering Subscription Fees, invoicing, payment terms, taxes, cancellation, and related billing matters, are unchanged from AskEnola's current Terms of Service. For the current text of this section, contact us at [email protected].
Section 8: Confidentiality
8.1. Definition.
"Confidential Information" means all non-public information disclosed by one party to the other, whether orally, in writing, or in any other form, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure.
8.2. Obligations.
Each party agrees to: (a) hold the other party's Confidential Information in strict confidence using at least the same degree of care it uses for its own confidential information, but not less than reasonable care; (b) not disclose Confidential Information to any third party without prior written consent, except to employees, contractors, advisors, and Subprocessors with a legitimate need to know and confidentiality obligations at least as protective as those in these Terms; and (c) use Confidential Information solely for the purposes of these Terms.
8.3. Exceptions.
Confidentiality obligations do not apply to information that: (a) is or becomes publicly known through no breach of these Terms; (b) was rightfully known before disclosure; (c) is independently developed without use of Confidential Information; or (d) is required to be disclosed by law, provided the receiving party gives prompt prior notice and cooperates reasonably to seek a protective order.
8.4. Deemed Confidential Information.
Customer Data, including non-public Customer Personal Data, shall be deemed Customer Confidential Information. AskEnola's BADIR™ Framework, ADC™ technology, pricing, platform architecture, security documentation, product roadmaps, and non-public technical details of the AskEnola Platform shall be deemed AskEnola Confidential Information and trade secrets of the highest sensitivity.
Section 9: Warranties and Disclaimers
Sections 9.1 through 9.3, setting out each party's warranties and AskEnola's disclaimers regarding the AskEnola Platform, are unchanged from AskEnola's current Terms of Service. For the current text of this section, contact us at [email protected].
Section 10: Limitation of Liability
10.1. Aggregate Cap.
Except for (a) Customer's breach of Section 3.4 (Restrictions), (b) Customer's indemnification obligations under Section 11.2, (c) either party's breach of Section 8 (Confidentiality), or (d) either party's gross negligence or willful misconduct, in no event shall either party's aggregate liability under these Terms exceed the total Subscription Fees paid or payable by Customer in the twelve (12) months immediately preceding the event giving rise to liability. Notwithstanding the foregoing, AskEnola's total aggregate liability arising from or relating to its indemnification obligations under Section 11.1 shall not exceed two (2) times the total Subscription Fees paid or payable by Customer in the twelve (12) months immediately preceding the event giving rise to liability. Notwithstanding anything to the contrary in these Terms, with respect to claims arising from a Personal Data Breach caused by AskEnola's breach of its obligations under these Terms or Appendix B relating to the protection of Customer Personal Data, AskEnola's aggregate liability shall not be less than five thousand U.S. dollars (US $5,000). The foregoing limitations are subject to this express data breach liability floor.
10.2. Exclusion of Consequential Damages.
In no event shall either party be liable to the other for any indirect, incidental, special, consequential, or punitive damages, or for any loss of profits, revenue, data, or business opportunities, even if such party has been advised of the possibility of such damages. Nothing in this Section eliminates AskEnola's express notification obligations or the liability floor expressly stated in Section 10.1 for certain Personal Data Breach claims.
10.3. Basis of the Bargain.
The parties acknowledge that the limitations of liability in this Section 10 are a fundamental basis of the bargain and reflect a reasonable allocation of risk. The Subscription Fees have been set in reliance on these limitations.
Section 11: Indemnification
Sections 11.1 through 11.2, setting out each party's indemnification obligations to the other, are unchanged from AskEnola's current Terms of Service. For the current text of this section, contact us at [email protected].
Section 12: Term and Termination
Sections 12.1 through 12.5, covering the Subscription Term, renewal, and each party's termination rights, are unchanged from AskEnola's current Terms of Service, except that any reference to Section 5.5 should be read as Section 5.6 following the renumbering of the data retention and return clause in this version of the Terms. For the current text of this section, contact us at [email protected].
Section 13: General Provisions
Sections 13.1 through 13.14, covering matters such as governing law, notices, assignment, and severability, are unchanged from AskEnola's current Terms of Service. For the current text of this section, contact us at [email protected].
Section 14: Changes to These Terms
Sections 14.1 and 14.2, describing how AskEnola may update these Terms and how changes are communicated to Customer, are unchanged from AskEnola's current Terms of Service. For the current text of this section, contact us at [email protected].
Appendix A: Support Terms
Appendix A, describing AskEnola's technical support channels, hours, and response times, is unchanged from AskEnola's current Terms of Service. For the current text of this appendix, contact us at [email protected].
Appendix B: Data Processing Addendum
This Appendix B: Data Processing Addendum (this "DPA") is incorporated into and forms part of the AskEnola Terms of Service (the "Terms") between AskEnola, Inc. ("AskEnola") and the customer accepting the Terms ("Customer"). This DPA applies solely to the extent AskEnola Processes Personal Data on behalf of Customer in connection with Customer's use of the AskEnola Platform under the Terms.
1. Purpose and Scope
This DPA governs AskEnola's Processing of Customer Personal Data on behalf of Customer under the Terms. This DPA is effective automatically upon Customer's acceptance of the Terms and does not require separate execution when incorporated as an appendix to the Terms.
2. Definitions
For purposes of this DPA:
- "Applicable Data Protection Law" means all laws and regulations applicable to the Processing of Personal Data under the Terms, including, where applicable, the GDPR, UK GDPR, CCPA/CPRA, and other applicable U.S. state privacy laws.
- "Controller" means the entity that determines the purposes and means of the Processing of Personal Data.
- "Customer Personal Data" means any Personal Data Processed by AskEnola on behalf of Customer under the Terms.
- "Data Subject" means an identified or identifiable natural person to whom Personal Data relates.
- "GDPR" means Regulation (EU) 2016/679.
- "Personal Data" means any information relating to an identified or identifiable natural person, or any equivalent term such as "personal information" under Applicable Data Protection Law.
- "Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data transmitted, stored, or otherwise Processed by AskEnola.
- "Process" or "Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means.
- "Processor" means the entity that Processes Personal Data on behalf of the Controller.
- "Subprocessor" means any third party engaged by AskEnola to Process Customer Personal Data on behalf of Customer.
- "Standard Contractual Clauses" or "SCCs" means the European Commission's standard contractual clauses for the transfer of personal data to processors established in third countries, where applicable.
Unless otherwise defined in this DPA, capitalized terms used in this DPA have the meanings given to them in the Terms.
3. Roles of the Parties
The Parties acknowledge and agree that, with respect to Customer Personal Data, Customer is the Controller and AskEnola is the Processor. Nothing in this DPA prevents Customer from acting as a Processor on behalf of its own customers, in which case AskEnola shall remain a subprocessor or processor, as applicable, to Customer.
4. Processing Details
The subject matter, nature, purpose, categories of Personal Data, categories of Data Subjects, and location of Processing relating to the Processing under this DPA are described in Schedule 1 below. AskEnola shall Process Customer Personal Data only for the limited and specified purposes described in the Terms and this DPA.
5. Processor Obligations
- Documented Instructions. AskEnola shall Process Customer Personal Data only on documented instructions from Customer, including as set forth in the Terms, this DPA, and Customer's use of the AskEnola Platform.
- Compliance with Law. If AskEnola believes that an instruction from Customer violates Applicable Data Protection Law, AskEnola shall inform Customer, unless prohibited from doing so by law.
- Confidentiality. AskEnola shall ensure that personnel authorized to Process Customer Personal Data are subject to appropriate confidentiality obligations.
- No Sale or Sharing. AskEnola shall not sell, share, or use Customer Personal Data for cross-context behavioral advertising or for any purpose other than performing the services described in the Terms and this DPA.
- No Training on Customer Data. AskEnola shall not use Customer Personal Data to train or fine-tune AskEnola's own general-purpose artificial intelligence or machine learning models, except where Customer expressly instructs AskEnola in writing to do so.
6. Security Measures
AskEnola shall implement and maintain appropriate technical and organizational measures designed to protect Customer Personal Data against unauthorized or unlawful Processing and against accidental loss, destruction, damage, alteration, or disclosure, including, as appropriate:
- access controls and least-privilege access principles;
- encryption of Customer Personal Data, specifically AES-256 encryption at rest via Azure SQL Transparent Data Encryption (TDE) and TLS 1.2/1.3 encryption in transit;
- logical segregation of customer environments and data;
- vulnerability management and security monitoring;
- personnel security and confidentiality obligations; and
- incident response and recovery procedures.
Customer acknowledges that Customer remains responsible for configuring its use of the services, determining what Personal Data it submits, and using the services in compliance with Applicable Data Protection Law. Customer Personal Data Processed under this DPA is hosted on Microsoft Azure, with primary application infrastructure and data storage located in the Azure East US 2 region (Virginia, USA). AskEnola maintains Azure SQL Database Point-in-Time Restore (PITR) backups of Customer Personal Data on a rolling 7-day retention basis; Long-Term Retention (LTR) backups are not enabled. Backup copies are subject to the same encryption-at-rest standard described above.
7. Subprocessors
Customer authorizes AskEnola to engage Subprocessors to Process Customer Personal Data, provided that AskEnola remains responsible for the performance of its Subprocessors' obligations to the extent required by Applicable Data Protection Law. AskEnola's current Subprocessors may include hosting, infrastructure, analytics, support, and AI service providers reasonably necessary to provide the services. Without limiting the foregoing, Customer acknowledges and agrees that AskEnola may use Azure OpenAI as a Subprocessor or subprocessed service component in connection with the provision of AskEnola Products, subject to applicable contractual, technical, and security controls. AskEnola shall impose data protection obligations on Subprocessors that are no less protective than the obligations imposed on AskEnola under this DPA, to the extent applicable to the nature of the services provided by such Subprocessor, and shall make available an updated list of material Subprocessors upon reasonable request or through a designated URL or customer notice mechanism.
8. Assistance with Data Subject Requests
Taking into account the nature of the Processing, AskEnola shall provide reasonable assistance to Customer, insofar as possible, to enable Customer to respond to requests from Data Subjects to exercise their rights under Applicable Data Protection Law. If AskEnola receives a request directly from a Data Subject relating to Customer Personal Data, AskEnola shall, unless prohibited by law, direct the request to Customer and shall not respond except on Customer's documented instructions or as required by law.
9. Assistance with Compliance
Taking into account the nature of Processing and the information available to AskEnola, AskEnola shall provide reasonable assistance to Customer with Customer's obligations relating to security, breach notifications, impact assessments, and consultations with supervisory authorities, to the extent required by Applicable Data Protection Law.
10. Personal Data Breach Notification
AskEnola shall notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Customer Personal Data and, in any event, no later than seventy-two (72) hours after AskEnola becomes aware of such Personal Data Breach. To the extent known at the time, such notice shall include:
- the nature of the Personal Data Breach;
- the categories of affected Personal Data and Data Subjects;
- the likely consequences of the Personal Data Breach;
- the measures taken or proposed to address the Personal Data Breach and mitigate its possible adverse effects; and
- a contact point from whom additional information may be obtained.
If all relevant information cannot be provided at the same time, AskEnola may provide information in phases without undue delay as such information becomes available. Notification of a Personal Data Breach under this Section does not constitute an admission by AskEnola of fault or liability.
11. Audits and Information Rights
Upon reasonable written request and no more than once annually, AskEnola shall make available information reasonably necessary to demonstrate compliance with this DPA. Where such information is insufficient under Applicable Data Protection Law, the Parties shall cooperate in good faith regarding a reasonable audit process, subject to appropriate confidentiality obligations, reasonable scope limitations, security requirements, and minimization of disruption to AskEnola's operations.
12. International Data Transfers
To the extent AskEnola Processes Customer Personal Data in or transfers Customer Personal Data to a country not recognized as providing an adequate level of protection under Applicable Data Protection Law, the Parties shall rely on the SCCs or another valid transfer mechanism required by Applicable Data Protection Law. Where the SCCs apply, they are incorporated by reference into this DPA, with Customer as exporter and AskEnola as importer, and shall be completed in a manner consistent with the Parties' roles and the Processing described in this DPA.
13. Deletion and Return of Data
Upon termination or expiration of the Terms, AskEnola shall, at Customer's choice and subject to the Terms and applicable law, delete or return Customer Personal Data, unless retention is required by applicable law. Notwithstanding the foregoing, AskEnola may retain Customer Personal Data to the extent required by law or for the standard 7-day PITR backup retention cycle described in Section 6 above, provided such retained data remains protected in accordance with this DPA.
14. Liability
The liability of each Party arising out of or relating to this DPA shall be subject to the limitations and exclusions of liability set forth in the Terms. Notwithstanding anything to the contrary in the Terms, with respect to claims arising from a Personal Data Breach caused by AskEnola's breach of this DPA, AskEnola's aggregate liability shall not be less than $5,000. Except for this specific floor, this DPA does not independently expand either Party's liability beyond the limitations otherwise set forth in the Terms.
15. Termination
This DPA shall remain in effect for as long as AskEnola Processes Customer Personal Data on behalf of Customer under the Terms.
16. General Provisions
- Order of Precedence. In the event of a conflict between this DPA and the Terms with respect to the Processing of Customer Personal Data, this DPA shall control.
- Governing Law. This DPA shall be governed by the governing law set forth in the Terms, unless Applicable Data Protection Law requires otherwise for specific provisions such as the SCCs.
- Amendments. This DPA may be amended only in accordance with the amendment provisions of the Terms, except that AskEnola may make updates required to reflect changes in Applicable Data Protection Law or transfer mechanisms, provided such changes do not materially reduce Customer's rights under this DPA.
- Severability. If any provision of this DPA is held to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
- Counterparts. To the extent the Terms are accepted electronically, this DPA shall be deemed accepted electronically together with the Terms and no separate counterpart signature shall be required.
Schedule 1: Processing Details
A. Subject Matter of Processing
Provision of the AskEnola Products and related support, maintenance, analytics, and customer success services under the Terms.
B. Nature and Purpose of Processing
Hosting, storage, organization, retrieval, analysis, display, transmission, and other Processing activities necessary to provide the AskEnola Products and related support services to Customer.
C. Categories of Data Subjects
Customer personnel, users, administrators, contractors, business counterparties, and other individuals whose Personal Data is submitted to the AskEnola Products by or on behalf of Customer.
D. Categories of Personal Data
Business contact information, account and user credentials, usage data, device and log data, support communications, workflow and analytics inputs, and any other Personal Data submitted by Customer through the services.
E. Sensitive Data
Unless expressly agreed in writing, Customer shall not submit special categories of data or other highly sensitive Personal Data to the services.
F. Duration of Processing
For the duration of the Terms and such additional period as necessary to complete deletion, return, or legally required retention of Customer Personal Data.
G. Location of Processing
Customer Personal Data is Processed and stored on Microsoft Azure infrastructure, with primary resources located in the Azure East US 2 region (Virginia, USA). Encryption at rest (AES-256 via Azure SQL TDE) and in transit (TLS 1.2/1.3) applies as described in Section 6 above. Backups are retained on a rolling 7-day basis via Azure SQL Point-in-Time Restore, with Long-Term Retention not enabled.