Data Processing Addendum (DPA) – iGlowly Assistant

Last updated: 30 March 2026

This Data Processing Addendum (“DPA”) forms part of the Terms of Service or Service Agreement (the “Agreement”) between the clinic customer (“Controller” or “Customer”) and iGlowly (“Processor”) for the provision of the iGlowly Assistant services (the “Services”).

This DPA applies where and to the extent that iGlowly processes Personal Data on behalf of the Customer in connection with the Services.

1. Definitions

For the purposes of this DPA:

• “Personal Data”, “Data Subject”, “Processing”, “Controller”, “Processor”, and “Personal Data Breach” have the meanings given in applicable Data Protection Laws, including the GDPR.
• “Data Protection Laws” means all applicable laws relating to data protection and privacy, including the EU General Data Protection Regulation (GDPR), UK GDPR, Swiss FADP, and, where applicable, the California Consumer Privacy Act (CCPA/CPRA).
• “Subprocessor” means a third party engaged by iGlowly to process Personal Data on behalf of the Customer.
• “Services” means the iGlowly Assistant and related services provided under the Agreement.
• “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with a party.

2. Roles of the Parties

The parties acknowledge and agree that:

• The Customer (clinic) is the Data Controller.
• iGlowly acts as a Data Processor when processing Personal Data on behalf of the Customer in connection with the Services.
• iGlowly may engage Subprocessors in accordance with Section 9 of this DPA.

The Customer determines the purposes and means of processing Personal Data.
iGlowly processes Personal Data only on documented instructions from the Customer, unless required by applicable law.

3. Nature of the Processing and Zero-PHI Architecture

The iGlowly Assistant is designed according to data minimisation, privacy-by-design, and a Zero-PHI architecture.

The Services are specifically designed so that:

• Chat messages are processed ephemerally in memory;
• Chat messages are sanitized before AI processing;
• Chat messages are not stored in databases;
• Chat messages are not written to logs;
• Chat messages are not included in backups;
• Chat transcripts and conversation history are not retained;
• Only structured, non-identifying analytics are stored.

iGlowly does not intentionally collect or store personal data or medical information through the Assistant chat interface.

However, if users voluntarily enter Personal Data into the chat, such data may be processed temporarily in memory for the purpose of generating a response, after which it is discarded and not stored.

4. Categories of Data Subjects

Depending on how the Customer uses the Services, data subjects may include:

• Visitors to the clinic website;
• Potential patients;
• Clinic staff using the dashboard or administrative interface;
• Customer representatives (billing, account, support contacts).

5. Categories of Personal Data

The Services are designed to avoid the storage of Personal Data. However, limited categories of Personal Data may be processed:

5.1 Assistant End-User Interaction (Ephemeral Processing Only)

May include (if voluntarily entered by a user):

• Name
• Email address
• Phone number
• Location information
• Any personal data voluntarily entered in a message

Such data is:

• Automatically sanitized where possible;
• Processed ephemerally;
• Not stored by iGlowly.

5.2 Customer Account and Business Contact Data

iGlowly may process limited Personal Data related to the Customer account, such as:

• Name of clinic contact person;
• Work email address;
• Billing information;
• Account login information;
• Support communications.

This data is processed for account management, billing, support, and service administration.

5.3 Anonymous Analytics Data

The Assistant stores only non-identifying structured analytics, such as:

• Topic requested (e.g., treatment type);
• Question category (e.g., pricing, recovery);
• Language;
• Date and time;
• Clinic identifier;
• Anonymous session identifier.

This data does not identify individuals.

6. Purpose of Processing

iGlowly processes data solely for the purpose of:

• Providing the Assistant service;
• Generating responses to user questions;
• Detecting and removing personal identifiers from messages;
• Providing anonymous demand analytics to the Customer;
• Maintaining, securing, and improving the Services;
• Managing Customer accounts, billing, and support.

iGlowly does not sell personal data, use it for advertising, or build user profiles based on chat content.

7. Processor Obligations

iGlowly shall:

• Process Personal Data only on documented instructions from the Customer;
• Ensure that persons authorized to process Personal Data are subject to confidentiality obligations;
• Implement appropriate technical and organizational measures to protect Personal Data;
• Assist the Customer in fulfilling its obligations under Data Protection Laws where applicable;
• Notify the Customer of a Personal Data Breach without undue delay;
• Delete or anonymise Personal Data upon termination of the Services, unless retention is required by law;
• Make available information reasonably necessary to demonstrate compliance with this DPA.

8. Confidentiality

iGlowly shall ensure that any person authorized to process Personal Data:

• Is subject to appropriate confidentiality obligations; and
• Processes Personal Data only as necessary to provide the Services.

9. Subprocessors

The Customer authorizes iGlowly to engage Subprocessors to provide the Services.

iGlowly shall:

• Maintain an up-to-date list of Subprocessors;
• Impose data protection obligations on Subprocessors equivalent to those set out in this DPA;
• Remain responsible for the performance of its Subprocessors.

If the Customer reasonably objects to a new Subprocessor on data protection grounds, the parties will work in good faith to find a reasonable solution. If no reasonable solution can be found, the Customer may terminate the affected Services.

10. International Data Transfers

Some Subprocessors may be located outside the European Economic Area, including in the United States.

Where Personal Data is transferred outside the EEA, UK, or Switzerland, iGlowly shall ensure that appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• The UK International Data Transfer Addendum;
• Other lawful transfer mechanisms where applicable.

11. Data Subject Rights

Taking into account the nature of the processing, iGlowly shall provide reasonable assistance to the Customer in responding to Data Subject requests, including requests for:

• Access
• Rectification
• Erasure
• Restriction
• Data portability
• Objection

If iGlowly receives a request directly from a Data Subject relating to Personal Data processed on behalf of the Customer, iGlowly may redirect the request to the Customer.

Because the Services are designed not to store chat messages or identifiable user data, iGlowly may not be able to identify a specific individual from stored data.

12. Personal Data Breach Notification

In the event of a Personal Data Breach affecting Personal Data processed on behalf of the Customer, iGlowly shall:

• Notify the Customer without undue delay;
• Provide available information regarding the breach;
• Take reasonable steps to mitigate and remediate the breach.

Notification of a breach does not constitute an admission of fault or liability.

13. Data Retention and Deletion

The Services are designed so that:

• Chat messages are not stored;
• Personal data submitted through chat is not retained;
• Anonymous analytics data may be stored for statistical analysis and service improvement;
• Customer account and billing data may be stored for the duration of the service relationship and as required by law.

Upon termination of the Services, iGlowly shall delete or anonymise Personal Data related to the Customer, unless retention is required by applicable law.

14. Audits and Compliance Information

iGlowly shall make available reasonable information necessary to demonstrate compliance with this DPA, such as:

• Security documentation;
• Subprocessor list;
• Privacy documentation;
• Zero-PHI architecture documentation;
• Description of technical and organizational measures.

Audits:

• Must be conducted with reasonable prior notice;
• Must not occur more than once per year unless required by law or following a security incident;
• Must be limited in scope and must not compromise the security of other customers;
• May be conducted via documentation review and remote audit where possible;
• The Customer shall bear the costs of audits unless otherwise required by law.

15. Customer Obligations

The Customer agrees that:

• It is responsible for ensuring that its use of the Services complies with Data Protection Laws;
• It will not intentionally submit or instruct iGlowly to process Personal Data or Protected Health Information through the Assistant in a manner inconsistent with the intended use of the Services;
• It is responsible for providing any required privacy notices to end users;
• It is responsible for determining whether the Services are appropriate for its intended use.

16. Order of Precedence

In the event of conflict between:

1. Standard Contractual Clauses;
2. This DPA;
3. The Terms of Service or Agreement;

The order of precedence shall be as listed above with respect to data protection matters.

17. Governing Law

This DPA shall be governed by the law specified in the main Service Agreement, unless otherwise required by applicable Data Protection Laws.

Annex A – Details of Processing

Subject matter: Provision of the iGlowly Assistant service.
Nature of processing: Temporary processing of user messages, automated sanitisation, response generation, storage of anonymous analytics, account and billing management.
Purpose of processing: To provide and maintain the Services.
Duration of processing: For the duration of the Agreement and as required for service provision and legal obligations.
Categories of data subjects: Website visitors, potential patients, clinic staff, customer contacts.
Categories of personal data: As described in Section 5 of this DPA.

Annex B – Subprocessors and Transfers

Subprocessors are listed on the Subprocessors page and may include providers for:

• Infrastructure hosting;
• Database hosting;
• AI processing;
• Personal data detection and redaction;
• Payment processing;
• Frontend delivery.

International transfers are protected using Standard Contractual Clauses and other lawful safeguards.

Annex C – Technical and Organisational Measures

Technical and organisational measures include:

• Encryption in transit (HTTPS/TLS);
• Encryption at rest for stored data;
• Access control and authentication;
• Logical data isolation between clinics;
• Ephemeral message processing;
• No storage of chat messages;
• Automated personal data sanitisation;
• Rate limiting and abuse protection;
• Secure infrastructure providers;
• Regular security updates and monitoring.

‍