Vertical AI
    • Features
    • Use Cases
    • Pricing
    • Performance
    • Healthcare
    • Financial Services
    • Insurance
    • Logistics
    • Home Services
    • Retail
    • Hospitality
    • Debt Collection
    • View all →
    • vs Retell AI
    • vs Bland AI
    • vs Vapi
    • vs Synthflow
    • Security
    • Privacy
    • Terms
    • Sub-processors
    • DPA
    • Changelog
    • Contact
    • Press
  • Enterprise
Book a demo
Product
FeaturesUse CasesPricingPerformance
Industries
HealthcareFinancial ServicesInsuranceLogisticsHome ServicesRetailHospitalityDebt CollectionView all →
Compare
vs Retell AIvs Bland AIvs Vapivs Synthflow
Resources
SecurityPrivacyTermsSub-processorsDPAChangelog
Company
ContactPress
Enterprise
Book a demo

DPA

Data processing agreement.

GDPR Article 28 and APP 8 obligations covered by the standard agreement. Custom DPAs available for regulated entities.

Email legal teamSub-processor list

01 · Overview

One signature, both regimes

Our standard Data Processing Agreement covers the obligations of GDPR Article 28 (controller / processor terms) and Australian Privacy Principle 8 (cross-border disclosure of personal information). Most SMB and mid-market deals are covered by signing it as written.

Email legal@verticalai.com.au with your registered entity name and we will send the latest version of the DPA as a PDF for counter-signature.

Custom DPAs are available for regulated entities (healthcare, financial services, superannuation) on request.

02 · What the DPA covers

Sections in the standard agreement

Subject

Subject matter and duration

The scope of personal data processed under the main agreement, the duration of processing, and the trigger events that end it.

Scope

Nature and purpose of processing

Processing strictly to operate the inbound voice agent service. No secondary use, no profiling for advertising, no data sales.

Vendors

Sub-processor list

Named sub-processors with the data shared and region of operation. Thirty days' notice before any addition.

Security

Technical and organisational measures

Encryption in transit and at rest, RLS-based tenant isolation, append-only audit log, hardened response headers, secret store discipline.

Breach

Notification within 72 hours

Written notice of any personal data breach as soon as practicable, and within 72 hours of becoming aware where feasible.

Subjects

Data subject rights

Cooperation on access, correction, erasure, and portability requests within statutory timelines.

Audit

Audit cooperation

Reasonable assistance and information to demonstrate compliance, on written request, subject to confidentiality and minimum-disruption protections.

Exit

Return or deletion at termination

On termination, customer-supplied data is returned or hard-deleted on request within 30 days. Audit log entries retained for security purposes.

03 · How to request the DPA

One short email

Email legal@verticalai.com.au with:

Your registered entity name and ACN or equivalent. The signing authority's name and email. The jurisdiction governing your contract. Any specific regulatory regime that applies to your business (for example, APRA-regulated, HIPAA-covered entity, or My Health Records Act).

We respond within two business days with the standard DPA or, where a custom DPA is required, with a redline timeline.

Need the DPA?

Email the legal team with your entity name. Custom agreements available for regulated entities.

Email legal team
ProductFeaturesUse casesPricingPerformance
ExploreIndustriesCompareEnterpriseDocs
CompanyContactPressLocationsChangelog
LegalSecurityPrivacyTermsSub-processorsDPA
© 2026 VerticalAI · Built in Perth · Hosted in AustraliaVoice AI you can trust