Legal
DeployLogic is built for enterprise trust. Read our complete privacy policy, terms, data processing practices, and security architecture below.
Last updated: June 1, 2026
We collect information that you provide directly to us when you create an account, request a demo, or interact with our services. This includes personal identification information such as your name, email address, phone number, company name, and job title. We also collect usage data automatically, including your IP address, browser type and version, pages visited, time spent on pages, referring URLs, and device identifiers.
When you use our AI agent services, we process conversation data including call transcripts, chat logs, and voice recordings (with your explicit consent). This data is necessary to deliver, improve, and maintain the quality of our AI agent services.
We use the information we collect to provide, maintain, and improve our services; to process transactions and send related information; to send you technical notices, updates, security alerts, and administrative messages; to respond to your comments, questions, and requests; to monitor and analyze trends, usage, and activities in connection with our services; and to comply with legal obligations.
Conversation data processed by our AI agents is used exclusively for the purpose of delivering the contracted service to you. We do not use your conversation data to train our AI models without your explicit, written consent.
DeployLogic does not sell, rent, or trade your personal information to third parties. We share information only in the following circumstances: with service providers who perform services on our behalf under contractual data processing agreements (including cloud infrastructure providers, CRM platforms you have authorized, and analytics services); when required by law, subpoena, or other legal process; to protect the rights, property, or safety of DeployLogic, our customers, or the public; and with your explicit consent.
We retain your personal information for as long as your account is active or as needed to provide you with our services. Conversation data is retained for 90 days by default, after which it is automatically purged from our systems unless a different retention period is specified in your service agreement. You may request deletion of your data at any time by contacting our data protection team at privacy@deploylogic.ai. We will process deletion requests within 30 days.
Under applicable data protection laws, including the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data: the right to access your data and receive a copy; the right to rectification of inaccurate data; the right to erasure ("right to be forgotten"); the right to restriction of processing; the right to data portability in a machine-readable format; the right to object to processing based on legitimate interests; and the right to withdraw consent at any time where processing is based on consent.
To exercise any of these rights, contact us at privacy@deploylogic.ai. We will respond to all legitimate requests within 30 days. We may ask you to verify your identity before processing your request.
We use essential cookies that are strictly necessary for the operation of our website and services, including session management and security tokens. We also use analytics cookies (such as Google Analytics) to understand how visitors interact with our website. Analytics cookies are only placed with your consent. You can manage your cookie preferences at any time through your browser settings or our cookie consent banner. Disabling essential cookies may affect the functionality of our services.
Last updated: June 1, 2026
By accessing or using DeployLogic's services, website, or any associated applications (collectively, the "Services"), you agree to be bound by these Terms of Service. If you are entering into these terms on behalf of a company or other legal entity, you represent that you have the authority to bind that entity to these terms. If you do not agree to these terms, do not access or use the Services.
DeployLogic provides AI-powered receptionist and communication agents that operate across voice, web chat, WhatsApp, and Instagram channels. Our Services include the deployment, configuration, and management of AI agents; integration with customer relationship management (CRM) systems; conversation data processing and analytics; and related professional services as described in your service agreement.
You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You agree to provide accurate, current, and complete information during the registration process and to update such information to keep it accurate. You must immediately notify DeployLogic of any unauthorized use of your account or any other breach of security. DeployLogic will not be liable for any loss arising from your failure to comply with this section.
You agree not to use the Services for any unlawful purpose or in any way that could damage, disable, overburden, or impair the Services. Prohibited activities include but are not limited to: using the Services for illegal activities, spam, or fraud; attempting to reverse engineer, decompile, or disassemble the Services; interfering with the security or integrity of the Services; using the Services to harass, abuse, or harm others; transmitting malware, viruses, or other harmful code; and attempting to gain unauthorized access to any portion of the Services.
All intellectual property rights in the Services, including but not limited to the software, algorithms, user interface designs, documentation, and trademarks, are owned by DeployLogic or its licensors. Nothing in these Terms grants you any right to use DeployLogic's trademarks, logos, or brand features. You retain all ownership rights to your data, content, and materials that you provide to the Services. You grant DeployLogic a limited license to use your data solely for the purpose of providing the Services to you.
To the maximum extent permitted by applicable law, DeployLogic shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including without limitation, loss of profits, data, use, goodwill, or other intangible losses, resulting from your access to or use of or inability to access or use the Services. In no event shall DeployLogic's aggregate liability for all claims related to the Services exceed the amount you paid to DeployLogic in the twelve (12) months preceding the claim.
Either party may terminate the service agreement by providing thirty (30) days' written notice to the other party. DeployLogic may also terminate or suspend your access to the Services immediately, without prior notice, if you breach these Terms, if required by law, or if DeployLogic discontinues the Services. Upon termination, your right to use the Services will cease immediately. We will provide you with a reasonable opportunity to export your data within 30 days of termination.
These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law principles. Any legal action or proceeding arising out of or relating to these Terms shall be brought exclusively in the federal or state courts located in Wilmington, Delaware, and you consent to the personal jurisdiction and venue of such courts.
Last updated: June 1, 2026
This Data Processing Addendum ("DPA") forms part of the service agreement between DeployLogic ("Processor") and the customer ("Controller") and governs the processing of personal data in connection with the Services. DeployLogic acts as a data processor on behalf of the Controller. The types of personal data processed include contact information (names, email addresses, phone numbers), conversation data (transcripts, recordings), CRM metadata, and any other personal data transmitted through the AI agent channels.
DeployLogic processes personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). Our lawful bases for processing include performance of a contract (Article 6(1)(b)), compliance with legal obligations (Article 6(1)(c)), and legitimate interests (Article 6(1)(f)) where not overridden by data subject rights. We support all data subject rights as outlined in Articles 15–22 of the GDPR and will assist the Controller in fulfilling data subject access requests within the required timeframes.
For cross-border data transfers outside the European Economic Area, we rely on Standard Contractual Clauses (SCCs) as adopted by the European Commission, supplemented by additional technical and organizational measures. Our Data Protection Officer can be reached at dpo@deploylogic.ai.
For customers in the healthcare sector, DeployLogic offers a Business Associate Agreement (BAA) that governs the handling of Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the HITECH Act. We implement the minimum necessary standard for PHI access, ensuring that only the data required to perform the contracted service is processed.
Our HIPAA compliance program includes comprehensive administrative, physical, and technical safeguards; workforce training on PHI handling and breach awareness; audit controls that record and examine access to systems containing PHI; and regular risk assessments conducted at least annually.
DeployLogic maintains SOC 2 Type II certification, verified through annual audits conducted by an independent third-party auditing firm. Our certification covers all five Trust Service Criteria established by the AICPA: Security (protection against unauthorized access), Availability (system accessibility as committed), Processing Integrity (complete, valid, and accurate processing), Confidentiality (protection of information designated as confidential), and Privacy (personal information collected, used, retained, and disclosed in conformity with commitments).
We maintain continuous monitoring of all controls and provide customers with access to our latest SOC 2 Type II audit report upon request under NDA.
All data transmitted to and from DeployLogic services is encrypted in transit using TLS 1.3 (Transport Layer Security), the most current version of the protocol, ensuring forward secrecy and protection against downgrade attacks. All data at rest — including conversation transcripts, voice recordings, contact information, and database backups — is encrypted using AES-256 (Advanced Encryption Standard with 256-bit keys), the gold standard for symmetric encryption.
Encryption keys are managed through Hardware Security Modules (HSMs) that are FIPS 140-2 Level 3 certified. Key rotation occurs automatically every 90 days, and customers may request on-demand key rotation at any time. We maintain strict separation of encryption keys between tenants to prevent any cross-tenant data access.
DeployLogic implements role-based access control (RBAC) across all systems, adhering to the principle of least privilege. Every team member is granted only the minimum level of access necessary to perform their job function. Multi-factor authentication (MFA) is mandatory for all employees and contractors accessing production systems. We conduct quarterly access reviews to verify that permissions remain appropriate and revoke access immediately upon role changes or termination.
Administrative access to customer data requires explicit approval through our privileged access management system, with all sessions logged and auditable. We maintain a complete audit trail of all access events with tamper-proof logging.
DeployLogic engages a limited number of sub-processors to deliver the Services. Current sub-processor categories include: cloud infrastructure providers (hosting, compute, storage), telecommunications providers (voice call routing, SMS delivery), CRM platform integrations (as authorized by the Controller), and monitoring and security services (threat detection, uptime monitoring).
We maintain an up-to-date list of sub-processors and will notify the Controller at least 30 days before engaging any new sub-processor. The Controller has the right to object to any new sub-processor within 14 days of notification. All sub-processors are subject to equivalent data protection obligations through binding contractual agreements, and we conduct annual security assessments of all sub-processors.
In the event of a confirmed personal data breach, DeployLogic will notify the Controller within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. The notification will include the nature of the breach, including the categories and approximate number of data subjects and records affected; the likely consequences of the breach; and the measures taken or proposed to address the breach and mitigate its effects.
Our incident response procedure follows a structured protocol: detection and containment (immediate), assessment and classification (within 4 hours), notification to affected parties (within 72 hours), root cause analysis (within 7 days), remediation and preventive measures (within 30 days), and a comprehensive post-incident review report delivered to the Controller.
Last updated: June 1, 2026
DeployLogic's infrastructure is hosted on SOC 2 Type II-compliant cloud providers with data centers located in multiple geographic regions. Our architecture employs multi-region deployment with automated failover to ensure high availability. We maintain a 99.99% uptime Service Level Agreement (SLA) backed by redundant systems at every layer of the stack — compute, storage, networking, and DNS. All infrastructure is provisioned using infrastructure-as-code practices with version-controlled configurations and automated deployment pipelines.
Our network perimeter is protected by a Web Application Firewall (WAF) that inspects and filters all incoming traffic against known attack patterns, including OWASP Top 10 vulnerabilities. Enterprise-grade DDoS protection is deployed at the edge to absorb volumetric attacks. All production workloads run within isolated Virtual Private Clouds (VPCs) with strict security group rules and network access control lists. Intrusion detection and prevention systems (IDS/IPS) monitor all network traffic in real-time, with automated blocking of suspicious activity and immediate alerting to our security operations team.
We follow a Secure Software Development Lifecycle (SSDLC) that integrates security at every stage of development. All code changes undergo mandatory peer review with security-focused review criteria. We perform regular penetration testing conducted by qualified third-party firms at least twice per year, with remediation of all critical and high-severity findings within 7 days. Automated dependency scanning runs on every build to identify and alert on known vulnerabilities in third-party libraries. Static application security testing (SAST) and dynamic application security testing (DAST) are integrated into our CI/CD pipeline.
Centralized log management aggregates logs from all systems — application servers, databases, network devices, and security appliances — into a tamper-proof, searchable repository. Real-time alerting is configured for security-relevant events including authentication failures, privilege escalation attempts, configuration changes, and anomalous API usage patterns. Our Security Information and Event Management (SIEM) system correlates events across data sources to detect sophisticated attack patterns. All logs are retained for a minimum of 90 days in hot storage and 1 year in cold storage to support forensic investigations and compliance audits.
DeployLogic maintains a dedicated security team with a 24/7 on-call rotation for incident response. Our incident response plan includes documented runbooks for all common incident types — data breaches, service outages, unauthorized access, and malware infections. Every incident triggers a structured response process: detection, containment, eradication, recovery, and lessons learned. Post-incident reviews are conducted within 5 business days of resolution, with findings documented and remediation actions tracked to completion.
All third-party vendors with access to customer data or production systems undergo a comprehensive security risk assessment before onboarding. This assessment includes review of their security certifications (SOC 2, ISO 27001), completion of our security questionnaire, evaluation of their data protection practices, and verification of insurance coverage. Annual vendor reviews ensure continued compliance with our security standards. Vendors that fail to meet our requirements are given a remediation timeline or replaced.