PixediReelio
Drafted internally. Drafted by Pixedi engineering. This pack has not been reviewed by external counsel. We will publish counsel-reviewed versions when any trigger in docs/37 §7 fires.

Data Processing Addendum

Version v1.0.0 · Effective 2026-05-12 · Last updated 2026-05-12

1. Parties and scope

This Data Processing Addendum (the "Addendum") supplements the Terms of Service between you ("Customer," "Controller") and Pixedi Digital Agency Limited, a private limited company incorporated in England and Wales (company number 16968210) with its registered office at Flat 5-7 Leamington Road, Stockport, England, SK5 6BD ("Pixedi," "Processor").

This Addendum applies to Pixedi's processing of personal data on the Customer's behalf in connection with the Aristo AI receptionist service (the "Service"). It does not apply to personal data for which Pixedi is the controller (account, billing, and direct relationship data), which is governed by the Privacy Policy at /legal/privacy. In the event of conflict between the Terms of Service and this Addendum on a matter of processing on the Customer's behalf, this Addendum prevails.

2. Subject matter of the processing

Pixedi provides the Service: an AI receptionist that delivers chatbot conversations and voice-based conversations with website Visitors on behalf of the Customer, captures leads, sends notification emails to the Customer, redirects Visitors to a Google Calendar booking page where booking is enabled, and surfaces conversation and lead records in a dashboard. In the course of providing the Service, Pixedi processes personal data of Visitors and Customer personnel on the Customer's behalf.

3. Duration

Processing under this Addendum begins when the Customer first uses the Service and continues for the duration of the Customer's subscription, plus any post-termination retention period required to fulfil deletion, return, or legal-retention obligations under this Addendum, the Privacy Policy, and applicable law.

4. Nature and purpose of the processing

Pixedi processes personal data on the Customer's behalf to: receive and respond to Visitor enquiries through chat and voice; transcribe voice conversations for the purpose of generating real-time responses and producing a written record; capture lead and contact details that Visitors choose to share; notify the Customer of new enquiries by email; redirect Visitors to a Google Calendar booking page when booking is enabled; and surface conversation and lead history in the Customer's dashboard.

Pixedi does not process Customer personal data for its own marketing or for any other purpose outside the documented instructions in this Addendum and the Service configuration set by the Customer.

5. Categories of data subjects

Processing under this Addendum may relate to: Visitors to the Customer's website who interact with the Pixedi widget; the Customer's staff and administrator users who configure and operate the Service; and business contacts whose details Visitors share through enquiries (for example a contact name or company).

6. Categories of personal data

Categories include: name, email address, phone number, chat message content, voice transcript content, enquiry or booking details, page URL the widget was loaded on, IP address, user-agent, and timestamps. Voice conversations may be streamed to OpenAI for real-time processing. Raw voice audio is not stored by Aristo. If raw audio storage is introduced in a future version, this Addendum and the Privacy Policy must be updated and the Customer notified before that change takes effect.

7. Processor commitments

Pixedi will: (a) process Customer personal data only on the Customer's documented instructions, including those reflected in the Service configuration and this Addendum, except where required by law to do otherwise; (b) ensure that persons authorised to process Customer personal data are subject to obligations of confidentiality; (c) take appropriate technical and organisational measures to protect Customer personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage, taking account of the nature of the data and the risks of the processing; (d) assist the Customer, taking into account the nature of the processing and the information available to Pixedi, in responding to requests from data subjects exercising their rights and in fulfilling its obligations relating to security, breach notification, and data protection impact assessments; (e) on request, make available to the Customer information reasonably necessary to demonstrate compliance with this Addendum; and (f) at the end of the provision of the Service, delete or return Customer personal data in accordance with the Privacy Policy's retention rules and any deletion request received from the Customer.

8. Sub-processors

The Customer authorises Pixedi to engage the sub-processors listed at /legal/subprocessors, which reflect the current operational stack. Where Pixedi engages a sub-processor to carry out specific processing activities on the Customer's behalf, Pixedi will impose data-protection obligations on that sub-processor that are no less protective than those set out in this Addendum.

Pixedi will inform Customers of any intended addition or replacement of a material sub-processor through the dashboard, an email notice, or an update to the Sub-processors page, giving the Customer a reasonable opportunity to object where practicable. Pixedi remains liable to the Customer for the performance of each sub-processor's data protection obligations.

9. Security incidents

Pixedi will notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer personal data, and will provide the Customer with information reasonably available to Pixedi about the nature of the breach, the categories and approximate number of data subjects and records concerned, the likely consequences, and the measures taken or proposed to address the breach and mitigate its effects.

10. International transfers

The sub-processors listed at /legal/subprocessors operate from a range of regions, including outside the United Kingdom and the European Economic Area. Where Customer personal data is transferred outside the United Kingdom or the EEA, Pixedi will rely on a transfer mechanism that satisfies applicable data protection law — typically the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, the EU Standard Contractual Clauses, or another lawful mechanism made available by the relevant sub-processor and incorporated by reference into Pixedi's agreement with that sub-processor.

11. Audit and information rights

Pixedi will provide the Customer with reasonable information to demonstrate compliance with this Addendum. Where audit rights are required by law and cannot reasonably be satisfied by the information Pixedi already makes available, the parties will agree in writing the scope, scheduling, and confidentiality terms of any such audit, at the requesting party's cost, in a manner that does not unreasonably interfere with Pixedi's operations or the security or confidentiality of other customers' data.

12. Return and deletion at end of service

On termination of the Customer's subscription, Pixedi will retain Customer personal data only for the retention period set out in the Privacy Policy, after which the data will be deleted or anonymised, except where Pixedi is required by law to retain it. The Customer may request earlier deletion of specified Customer personal data at any time through the dashboard or by writing to support@pixedi.com.

13. Contact

Notices and data-protection enquiries relating to this Addendum may be sent to support@pixedi.com.