LLMKOSHA Logo

Data Processing Agreement

Effective date: May 4, 2026

1. Introduction

This Data Processing Agreement (“DPA”) is entered into between Laxm OPC Pvt. Ltd. (“Data Processor”) and you (“Data Controller”) and governs the processing of personal data in connection with LLMKOSHA.

This DPA forms part of our commitment to GDPR compliance and data protection.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data, such as collection, storage, use, or disclosure.
  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Data Processor: The entity that processes personal data on behalf of the Data Controller.
  • Data Subject: The individual to whom personal data relates.

3. Subject Matter and Duration

Subject Matter: Processing of personal data in connection with the provision of LLMKOSHA services.

Duration: This DPA remains in effect for the duration of your use of LLMKOSHA and until all personal data is deleted or returned in accordance with this agreement.

4. Nature and Purpose of Processing

We process personal data on your behalf for the following purposes:

  • Providing and operating LLMKOSHA services
  • Domain scanning and analysis services
  • User account management and authentication
  • Payment processing and subscription management
  • Customer support and service improvement
  • Security monitoring and fraud prevention
  • Legal and regulatory compliance

5. Types of Personal Data

Categories of personal data processed include:

  • Identity Data: Name, email address, profile information
  • Financial Data: Payment information, transaction records
  • Technical Data: IP addresses, browser information, device data
  • Usage Data: Service usage patterns, domain information, scan results
  • Communication Data: Support tickets, contact form submissions

6. Data Subjects

Personal data processed relates to the following categories of data subjects:

  • Your organization's employees and representatives
  • Website visitors and end users of your domains
  • Administrators and users of LLMKOSHA accounts
  • Individuals contacting customer support

7. Processor Obligations

As Data Processor, we commit to:

  • Process only on documented instructions: Process personal data only as documented in your instructions and this DPA.
  • Confidentiality: Ensure that personnel processing personal data are bound by confidentiality obligations.
  • Security measures: Implement appropriate technical and organizational security measures.
  • Assistance to Data Controller: Assist you in fulfilling data subject rights and data protection obligations.
  • Data breach notification: Notify you without undue delay of any personal data breach.
  • Data deletion/return: Delete or return personal data at the end of the service relationship.

8. Security Measures

We implement appropriate security measures including:

  • Technical Measures: Encryption in transit and at rest, secure authentication, access controls
  • Organizational Measures: Staff training, access policies, regular security reviews
  • Physical Measures: Secure data centers, restricted access to infrastructure
  • Monitoring: 24/7 security monitoring, intrusion detection systems

9. Sub-Processing

We may engage sub-processors for specific processing activities. We ensure that sub-processors provide adequate data protection guarantees through contractual agreements equivalent to this DPA.

Current sub-processors include:

  • Payment Processors: PayU, RazorPay, CashFree, Stripe
  • Email Services: Transactional email providers
  • Infrastructure Providers: Cloud hosting services
  • Analytics Services: Web analytics tools

We'll notify you of any new sub-processors and provide an opportunity to object.

10. Data Subject Rights

We will assist you in responding to data subject requests, including:

  • Access requests for personal data
  • Correction of inaccurate data
  • Deletion requests (right to be forgotten)
  • Data portability requests
  • Restriction of processing
  • Objection to processing

We'll respond to your assistance requests within the timeframes required by applicable law.

11. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify you without undue delay and within 72 hours of becoming aware
  • Provide details of the breach and its potential impact
  • Describe measures taken or proposed to address the breach
  • Cooperate with you in breach response and notification to authorities/data subjects

12. Data Transfers

Personal data may be transferred to countries outside the EEA. We ensure adequate protection through:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions from the European Commission
  • Other appropriate safeguards under GDPR

13. Audit and Compliance

We maintain comprehensive records of processing activities and make available to you:

  • All information necessary to demonstrate compliance with this DPA
  • Results of security audits and assessments
  • Documentation of security measures implemented

You may audit our compliance with reasonable notice and during business hours.

14. Return or Deletion of Data

Upon termination of services, we will:

  • Delete or return all personal data at your choice
  • Provide evidence of deletion upon request
  • Retain data only as required by law and inform you accordingly

15. Liability

We shall be liable for any damages caused by our breach of this DPA or applicable data protection laws. Our liability is subject to the limitations in our Terms of Service, except for liability for death or personal injury caused by our negligence.

16. Governing Law and Dispute Resolution

This DPA is governed by the laws of India. Disputes will be resolved through good faith negotiations and, if necessary, through binding arbitration in accordance with Indian law.

17. Contact Information

For matters relating to this DPA, contact our Data Protection Officer at [email protected]

18. Amendments

We may update this DPA to reflect changes in law or our services. We'll notify you of material changes and provide an opportunity to object to changes that adversely affect your rights.