Data Processing Agreement

1. Overview

This Data Processing Agreement ("DPA") forms part of the Terms of Service between LSI intelligence ("X1," "we," "us," or "Processor") and the customer or organization using the LSI intelligence platform ("Customer," "you," or "Controller"). This DPA applies when X1 processes personal data on behalf of Customer in connection with the Services.

If there is a conflict between this DPA and the Terms of Service regarding personal data processing, this DPA controls only for that processing conflict. All other terms remain governed by the Terms of Service.

2. Roles of the Parties

Customer determines the purposes and means of processing Customer Data submitted to the Services. X1 processes Customer Data only to provide, secure, maintain, support, and improve the Services as described in the Terms of Service, Privacy Policy, and this DPA.

• Customer is the controller or business for Customer Data where applicable privacy law uses those terms.
• X1 is the processor or service provider for Customer Data where applicable privacy law uses those terms.
• Each party is responsible for complying with the privacy and data protection laws that apply to its role.

3. Data Subject Matter and Categories

The subject matter of processing is the provision of LSI intelligence software, platform access, account management, support, billing, protection, and related services. The duration of processing is the term of Customer's use of the Services plus any retention period required by law, service protection, business continuity, dispute resolution, or legitimate business need.

• Categories of data subjects: account users, administrators, authorized operators, support contacts, billing contacts, and individuals whose information is submitted to the Services by Customer.
• Categories of personal data: account identifiers, contact details, account-related records, transaction-related records, support messages, service activity records, and other information submitted to or generated through the Services.
• Special categories: Customer must not submit regulated sensitive data unless X1 has expressly agreed in writing that the Services are configured and authorized for that processing.

4. Customer Instructions

X1 will process Customer Data only on documented instructions from Customer. The Terms of Service, Privacy Policy, this DPA, account settings, administrator actions, support requests, and authorized product use constitute Customer's documented instructions unless otherwise agreed in writing.

X1 may decline or suspend processing instructions that appear unlawful, unsafe, technically unsupported, or inconsistent with the security of the Services. X1 will notify Customer where legally permitted if it cannot follow an instruction.

5. Security Measures

X1 will maintain technical and organizational measures designed to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. These measures are designed according to the nature of the Services, the processing risk, and the current state of security practice.

• Access controls and authorization safeguards.
• Protective measures for service integrity, confidentiality, availability, and resilience.
• Administrative controls for privileged access and account governance.
• Logical and organizational controls designed to protect customer-related records.
• Review and investigation processes for suspected misuse or unauthorized activity.
• Continuity and retention controls appropriate for service operations.

6. Confidentiality

X1 will ensure that personnel authorized to process Customer Data are bound by confidentiality obligations or are subject to an appropriate statutory duty of confidentiality. X1 will limit access to Customer Data to personnel and systems that require access for service delivery, security, support, maintenance, compliance, or legal obligations.

7. Service Providers

Customer authorizes X1 to use contracted providers to provide, protect, support, and improve the Services. X1 remains responsible for providers that process Customer Data on X1's behalf and will require such providers to protect Customer Data using obligations materially consistent with this DPA.

X1 may update contracted providers as required to operate the Services. Where required by law or enterprise agreement, X1 will provide notice of material provider changes and a reasonable opportunity to object on legitimate data protection grounds.

8. Data Subject Requests and Customer Assistance

Customer is responsible for responding to data subject requests where Customer controls the relevant data. Taking into account the nature of processing and information available to X1, X1 will provide reasonable assistance to Customer for access, correction, deletion, portability, objection, restriction, or similar requests required by applicable law.

If X1 receives a request directly from a data subject relating to Customer Data, X1 may direct the requester to Customer unless legally required to respond directly.

9. Security Incidents

X1 will notify Customer without undue delay after becoming aware of a confirmed security incident involving unauthorized access to or disclosure of Customer Data processed by X1. The notice will include information reasonably available to X1, including the nature of the incident, affected data categories where known, remediation steps, and recommended Customer actions.

X1's notification of a security incident is not an admission of fault, liability, or violation of law. Customer is responsible for any legally required notifications to affected individuals or regulators unless otherwise required by law.

10. International Transfers

Customer Data may be processed in the United States and other jurisdictions where X1 or its contracted providers operate. Where applicable law requires a transfer mechanism, the parties will rely on legally recognized transfer safeguards or another valid transfer mechanism.

11. Return, Suspension, and Deletion

Upon termination of Services, Customer may request export of Customer Data where available and legally permitted. X1 may retain data as required for legal compliance, service protection, business continuity, billing, dispute resolution, fraud prevention, or legitimate business purposes.

Account deletion requests are processed manually. Certain data may be suspended, restricted, archived, or retained rather than immediately removed where retention is required or justified by legal, protective, compliance, continuity, or operational requirements.

12. Audit and Compliance

X1 will make reasonable information available to demonstrate compliance with this DPA where required by applicable law or enterprise agreement. Any review must be conducted in a manner that protects X1 systems, other customers, confidential information, protective controls, and service availability.

Customer may not conduct testing or audit activity that degrades, scans, attacks, bypasses, or attempts to access X1 systems outside an approved written security review process.

13. Customer Obligations

Customer is responsible for lawful collection, use, disclosure, and submission of Customer Data to the Services. Customer must maintain all notices, consents, legal bases, authorization, and internal policies required for its use of the Services.

• Customer must not submit data that violates law, third-party rights, or contractual obligations.
• Customer must configure accounts, roles, and users according to least privilege.
• Customer must promptly notify X1 of suspected compromise, misuse, or unauthorized account activity.
• Customer must not use the Services for prohibited processing described in the Acceptable Use Policy.

14. Contact

For questions about this Data Processing Agreement or privacy-related requests, contact LSI intelligence at:

LSI intelligence
Email: legal@Lsiintelligence.com
Privacy: privacy@Lsiintelligence.com
Support: Available through the Platform's built-in support system