Data Processing Agreement

Last updated: January 26, 2026

1. Parties and Scope

This Data Processing Agreement ("DPA") forms part of the agreement between MB Su idėja ("Processor", "VoiceCap") and the entity using VoiceCap services ("Controller", "Customer").

This DPA governs the processing of personal data by VoiceCap on behalf of the Customer in connection with the provision of AI meeting transcription and summarization services.

2. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person
  • "Processing" means any operation performed on personal data
  • "Data Subject" means an identified or identifiable natural person whose personal data is processed
  • "Sub-processor" means any third party engaged by VoiceCap to process personal data
  • "GDPR" means the General Data Protection Regulation (EU) 2016/679

3. Subject Matter and Duration

Subject Matter: Processing of personal data contained in audio recordings uploaded by the Customer, including transcription, summarization, and storage of meeting content.

Duration: This DPA remains in effect for the duration of the service agreement and until all personal data has been deleted or returned.

Nature and Purpose: Automated processing of audio files to generate text transcriptions and AI-powered meeting summaries for the Customer's business use.

4. Categories of Data and Data Subjects

Categories of Personal Data processed:

  • Voice recordings containing spoken words of meeting participants
  • Names and identifying information mentioned in meetings
  • Business discussions and decisions captured in recordings
  • Metadata such as meeting dates, times, and participant information provided by Customer

Categories of Data Subjects:

  • Customer's employees and contractors
  • Customer's clients and business partners
  • Any other individuals whose voices are captured in uploaded recordings

5. Processor Obligations

VoiceCap shall:

  • Process personal data only on documented instructions from the Customer
  • Ensure that persons authorized to process personal data have committed to confidentiality
  • Implement appropriate technical and organizational security measures
  • Assist the Customer in responding to data subject requests
  • Assist the Customer in ensuring compliance with security, breach notification, and impact assessment obligations
  • Delete or return all personal data at the Customer's choice upon termination
  • Make available all information necessary to demonstrate compliance

6. Security Measures

VoiceCap implements the following security measures:

  • Encryption: AES-256 for data at rest, TLS 1.3 for data in transit
  • Access Control: Role-based access control, multi-factor authentication for administrative access
  • Infrastructure: Processing on SOC 2 Type II and ISO 27001 certified infrastructure
  • Data Location: All data stored within EU data centers, processing fully GDPR compliant
  • Monitoring: Continuous security monitoring and audit logging
  • Incident Response: Documented incident response procedures

7. Sub-processors

The Customer authorizes VoiceCap to engage the following sub-processors:

  • Audio transcription provider (GDPR compliant with appropriate safeguards)
  • Google LLC (Vertex AI) - AI summarization processing (GDPR compliant)
  • Amazon Web Services - File storage and email services (EU region)
  • Neon Inc. - Database hosting (EU region)

VoiceCap shall inform the Customer of any intended changes to sub-processors, giving the Customer the opportunity to object. VoiceCap shall ensure that sub-processors are bound by data protection obligations no less protective than those in this DPA.

8. International Data Transfers

Personal data is stored within the European Union. If any processing or transfer outside the EU/EEA is required for service functionality, VoiceCap shall ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Any other legally recognized transfer mechanism

9. Data Subject Rights

VoiceCap shall assist the Customer in fulfilling data subject requests including:

  • Access to personal data
  • Rectification of inaccurate data
  • Erasure of personal data
  • Restriction of processing
  • Data portability
  • Objection to processing

VoiceCap shall notify the Customer promptly if it receives a request directly from a data subject, unless legally prohibited from doing so.

10. Personal Data Breach

In the event of a personal data breach, VoiceCap shall:

  • Notify the Customer without undue delay, and no later than 48 hours after becoming aware of the breach
  • Provide information about the nature of the breach, categories of data affected, and approximate number of data subjects
  • Describe the likely consequences of the breach
  • Describe the measures taken or proposed to address the breach

VoiceCap shall cooperate with the Customer in investigating and mitigating the breach.

11. Audits and Compliance

VoiceCap shall make available to the Customer all information necessary to demonstrate compliance with this DPA and allow for audits conducted by the Customer or an appointed auditor.

Audits shall be conducted with reasonable notice, during normal business hours, and shall not unreasonably interfere with VoiceCap's operations. The Customer shall bear the costs of any audit unless the audit reveals material non-compliance.

12. Return and Deletion of Data

Upon termination of the service agreement, VoiceCap shall, at the Customer's choice:

  • Return all personal data to the Customer in a commonly used format, and/or
  • Delete all personal data and certify such deletion

Deletion shall be completed within 30 days of termination, unless applicable law requires longer retention.

13. Liability

Each party's liability under this DPA is subject to the limitations set forth in the main service agreement.

VoiceCap shall be liable for damages caused by processing that does not comply with this DPA or the GDPR, or where it has acted outside of or contrary to the Customer's lawful instructions.

14. Contact Information

For questions about this DPA or to exercise your rights, please contact:

MB Su idėja K. Baršausko g. 59 Kaunas, 51423 Lithuania Email: hello@voicecap.ai

Data Protection matters: hello@voicecap.ai