Data Processing Agreement

Last updated: 2026-05-19

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between Zyppr (“Processor”) and the customer (“Controller”) using Copple. It governs the processing of Personal Data submitted to the Service.

1. Subject matter

Processor processes Personal Data on behalf of the Controller solely to provide the Copple service (scheduling, video, transcripts, AI insights, invoicing, follow-up email drafting).

2. Duration

Processing continues for the term of the underlying agreement plus any retention period required by law or as set out in the Privacy Policy.

3. Nature and purpose

Storage, transmission, transcription, summarisation, and analysis of coach-uploaded content (client records, session audio, transcripts, notes, calendar events, invoices).

4. Categories of data subjects

Controller's clients, prospects, and any other individuals whose Personal Data the Controller submits to the Service.

5. Categories of Personal Data

• Contact details (name, email, phone)
• Session metadata (date, duration, attendees)
• Session audio, video, and transcripts
• Coach notes and AI-generated insights
• Billing and payment information

6. Sub-processors

Processor uses the sub-processors listed at /legal/privacy. Controller is notified of changes 30 days in advance.

7. Security measures

Processor implements the technical and organisational measures set out at /legal/security, including encryption in transit and at rest, access controls, audit logging, and zero-retention LLM contracts.

8. Data subject rights

Processor assists the Controller in responding to data subject requests (access, rectification, erasure, portability) within reasonable timelines.

9. International transfers

Where Personal Data is transferred outside the EEA or UK, Processor relies on Standard Contractual Clauses and applicable supplementary measures.

10. Data breach notification

Processor notifies the Controller without undue delay (and within 72 hours where feasible) after becoming aware of a Personal Data breach.

11. Return or deletion

On termination, Personal Data is deleted or returned at the Controller's choice, except where retention is required by law.

12. Contact

For DPA execution or questions: privacy@coppleos.com