Data Processing Agreement

This Data Processing Addendum ("DPA") forms part of the CallMissed Terms of Service between CallMissed Technologies Pvt. Ltd. ("Processor") and the customer ("Controller"). It applies when CallMissed processes personal data on behalf of the Controller under applicable data protection laws, including India's Digital Personal Data Protection Act, 2023 ("DPDPA") and the Digital Personal Data Protection Rules, 2025 ("DPDP Rules").

Note: This web version is provided for transparency. Enterprise customers may request a countersigned PDF and the current sub-processor schedule via karan@callmissed.com.

1. Definitions

• Personal Data — Any information relating to an identified or identifiable natural person processed via CallMissed services.
• Processing — Any operation performed on Personal Data, including collection, storage, transmission, and deletion.
• Sub-processor — A third party engaged by CallMissed to process Personal Data on our instructions.

2. Scope and roles

The Controller determines the purposes and means of processing customer end-user data. CallMissed processes such data only on documented instructions from the Controller, as configured in the dashboard, API, or a signed order form.

For account and billing data relating to the Controller's organisation, CallMissed acts as an independent Data Fiduciary. For end-user data processed through the Controller's bots and integrations, CallMissed acts as a Data Processor.

3. Data location

CallMissed hosts primary production systems on Microsoft Azure data centres in India (Central India region). Customer personal data and service content are ordinarily stored and processed within India unless we notify you otherwise in writing or applicable law requires a different approach.

4. Sub-processors

We engage vetted service partners who process personal data on our instructions and only for specified purposes. We do not publish partner or sub-processor names on public marketing or legal pages; enterprise customers may request the current sub-processor schedule via karan@callmissed.com or our Data Processing Agreement.

We maintain a written sub-processor register available to enterprise Controllers on request.

All sub-processors are bound by contracts requiring: (a) processing only on our instructions; (b) confidentiality; (c) security safeguards consistent with DPDP Rules Rule 6; (d) assistance with data principal requests; and (e) prompt breach notification.

We will notify Controllers of material sub-processor changes via email or dashboard notice at least 30 days in advance. Controllers may object on reasonable grounds relating to data protection.

5. Security measures

CallMissed implements technical and organizational measures summarised on our Security and Trust Center pages, including encryption in transit and at rest, access controls, tenant isolation, logging, and backups within India. Detailed control evidence is available to enterprise Controllers on request.

6. Data subject / data principal rights

CallMissed will assist the Controller in responding to data principal requests (access, correction, erasure, grievance) where technically feasible, via API and dashboard tools or manual support within timelines prescribed under applicable law.

7. Breach notification

CallMissed will notify the Controller without undue delay after becoming aware of a personal data breach affecting Controller data. Where required, we will also notify affected data principals and the Data Protection Board of India in accordance with DPDP Rules Rule 7 (including a detailed report within 72 hours where applicable).

8. Termination and data return

Upon termination, CallMissed will delete or return Personal Data within 30 days unless retention is required by law. See Account Deletion for self-service deletion steps.

9. Audits

Upon reasonable notice and subject to confidentiality, enterprise Controllers may request summaries of our security controls or completed audit reports where available. Onsite audits may be conducted no more than once per year unless required by regulators.

10. Contact

Privacy inquiries: support@callmissed.com
Legal / DPA countersignature: karan@callmissed.com
Grievance Officer: karan@callmissed.com