Data Processing Agreement
Last updated: April 16, 2026
This is a summary and template. The fully-executable DPA is available on Enterprise plans. Email legal@reconnaissance.ai to request a signed copy.
Parties
Controller: You, the customer organisation using the Service.
Processor: Reconnaissance AI (the company), registered in Switzerland.
Scope
This DPA applies to the processing of personal data by Reconnaissance on behalf of the customer as described in the main Terms of Service. It incorporates the Standard Contractual Clauses (2021/914) for international data transfers.
Subject matter
Provision of AI-powered sales and marketing intelligence tooling, including signal monitoring, research generation, outreach drafting, live-call assistance, and pipeline management.
Duration
Matches the term of the customer's subscription. Data processing terminates upon subscription termination, with a 30-day export window and subsequent deletion.
Categories of data
- Identification data: names, email addresses, job titles
- Professional data: company affiliation, LinkedIn URL, role
- Communication data: emails sent/received, calls made, call transcripts
- Usage data: product telemetry, AI generation logs
No special categories of data (health, biometric, etc.) are processed.
Categories of data subjects
- Customer's employees and authorised users
- Customer's prospects, leads, and contacts added to the workspace
- Individuals whose publicly-available professional information is processed for signal detection
Sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Primary data storage | US / EU (configurable) |
| Netlify | Application hosting | Global CDN, US origin |
| Anthropic | Claude LLM inference | US |
| OpenAI | GPT LLM inference (optional) | US |
| Gemini LLM, OAuth, Calendar | US / EU | |
| Stripe | Payment processing | US / EU |
| Deepgram | Call transcription (opt-in) | US |
| Sentry | Error monitoring (PII-scrubbed) | US / EU |
We commit to notifying customers at least 14 days in advance of any new sub-processor being added.
Security
Reconnaissance implements technical and organisational measures described in our Security page, including encryption in transit and at rest, row-level security, least-privilege access, and PII scrubbing in monitoring.
Data subject rights
Reconnaissance shall assist the controller in responding to data subject access, rectification, erasure, and portability requests within 30 days of receipt.
Data transfers
International transfers rely on the Standard Contractual Clauses (2021/914) and, where applicable, the EU-US Data Privacy Framework. EU data residency is available on Enterprise plans.
Breach notification
In the event of a personal data breach, Reconnaissance will notify the customer without undue delay and in any case within 72 hours of becoming aware of the breach.
Audits
Enterprise customers may request an annual audit of Reconnaissance's technical and organisational measures, at the customer's cost, with 30 days' written notice.
Liability
Liability under this DPA is subject to the limitations set forth in the main Terms of Service.
Contact
DPA execution and questions: legal@reconnaissance.ai. Data Protection Officer (Enterprise): available on request.