Our DPA explains how IONI acts as a data processor, the security measures we apply, and the rights and responsibilities of our customers as data controllers under GDPR.
This Data Processing Agreement (“DPA”) is incorporated into the Terms & Conditions between IONI (legal name - Springs LLC) (“Processor”) and any customer using the IONI services (“Controller”).
By using the IONI services, the Controller accepts this DPA, which forms part of the Agreement. This DPA governs the processing of personal data by Processor on behalf of Controller in connection with the IONI SaaS platform. Processing continues for as long as the Agreement is in force.
Controller decides the purposes and means of personal data processing.
Processor processes data only on instructions from Controller, unless required by law.
The personal data processed may include:
- Contact details (names, emails, phone numbers);
- Account details (usernames, login credentials);
- Business content and communications uploaded by Controller.
Data subjects may include Controller’s employees, contractors, customers, or other individuals whose data is provided by Controller.
Processor will:
- process personal data only under Controller’s instructions;
- ensure authorised personnel are bound by confidentiality;
- implement appropriate technical and organisational measures (“TOMs”) for security;
- assist Controller with data subject rights, breach notifications, and DPIAs;
- delete or return personal data upon termination, unless law requires retention;
- provide information to demonstrate compliance and allow for audits.
Controller authorises Processor to use sub-processors listed at Privacy Policy.
Processor will impose equivalent data protection obligations on all sub-processors.
Controller will be notified of changes and may object.
If data is transferred outside the EEA/UK, Processor ensures appropriate safeguards like EU Standard Contractual Clauses.
Processor shall assist Controller in responding to requests from data subjects under GDPR Articles 15–22.
Processor maintains appropriate TOMs (e.g., encryption, access control, monitoring).In the event of a personal data breach, Processor notifies Controller without undue delay.
Controller may conduct audits or inspections once per year (unless otherwise required).
Compliance may also be demonstrated via independent certifications or audit reports.
Liability follows the limitations set out in the Agreement, except where GDPR requires otherwise.
When the Agreement ends, Processor will delete or return all personal data unless retention is required by law.
This DPA is governed by the law and jurisdiction specified in the Agreement.
- Purpose: Provision of IONI SaaS platform
- Data Types: Contact details, account data, business content
- Data Subjects: Users, employees, contractors, customers
- Duration: For the term of the Agreement
- Encryption in transit (TLS) and at rest;
- Access controls, strong authentication, role-based permissions;
- Regular backups and secure storage;
- Monitoring, logging, intrusion detection;
- Security awareness training for staffIncident response and breach management procedures
This DPA is pre-signed by IONI (legal name - Springs LLC)
It automatically applies to all Controllers using the Services.
Customers may request a signed PDF copy via sergey@ioni.ai.
