Data Processing Agreement
Last updated · July 1, 2026
This Data Processing Agreement (“DPA”) forms part of the Master Service Agreement between Zyno AI Inc(“Processor,” “Perit”) and the customer (“Controller”) and governs the processing of personal data in connection with Perit's expert data services.
Scope and roles
The Controller determines the purposes and means of processing personal data contained in training materials, evaluation sets, and project specifications. Perit processes this data solely on documented instructions from the Controller to deliver expert annotation, adjudication, and data delivery services.
Processing activities
- Routing training tasks to verified domain experts matched by credential and domain.
- Capturing expert reasoning, annotations, and adjudication decisions.
- Delivering structured output to Controller-specified storage (cross-account S3, Box, or custom endpoint).
- Maintaining audit logs of all data access and processing events.
Sub-processors
Perit uses the following sub-processors, all bound by equivalent data protection obligations:
- Amazon Web Services (US) — cloud infrastructure and storage
- Stripe (US) — payment processing for expert compensation
- Checkr (US) — background verification for expert onboarding
- Zoom (US) — domain interview recordings (retained 90 days, then deleted)
Controllers will be notified 30 days before any sub-processor change. Objections may be raised within 14 days.
Data location and transfers
Primary processing occurs in AWS US and EU regions. Expert operations across our delivery centers in Southeast Asia and Latin America process data under Standard Contractual Clauses (SCCs) with supplementary technical measures including encryption and access logging. No personal data is stored outside Controller-specified regions without prior written consent.
Security measures
Perit implements the controls described on our Security page, including SOC 2 Type II attestation, HIPAA compliance for medical engagements, AES-256 encryption, MFA-enforced access, and independent audit logging.
Data subject rights
Perit will assist the Controller in responding to data subject access, rectification, erasure, and portability requests within 15 business days. Expert personal data (credentials, interview records) is managed per our Privacy Policy.
Breach notification
Perit will notify the Controller within 24 hours of becoming aware of a personal data breach affecting Controller data, including the nature of the breach, categories of data affected, and remediation steps taken.
Data return and deletion
Upon termination of services, Perit will delete or return all Controller personal data within 30 days, unless retention is required by law. Deletion certificates are provided upon request.
Request a signed DPA
Enterprise customers can request a countersigned DPA by contacting legal@perit.ai. We typically turn around signed agreements within 5 business days.