Processor obligations
Yumaze AI only processes personal data on documented instructions from the controller and maintains activity logs for all automations.
Our DPA aligns with GDPR, CCPA, and global hospitality requirements. The summary below outlines the promises we make as your automation partner.
Yumaze AI only processes personal data on documented instructions from the controller and maintains activity logs for all automations.
We require equivalent contractual safeguards with all subprocessors and provide advance notice before changes take effect.
Annual SOC 2 Type II reviews, penetration tests, and the right for controllers to request additional audits with notice.
We incorporate the latest EU and UK SCCs by reference. Cross-border transfers rely on these safeguards plus regional data residency options where required.
Existing customers can download the executed DPA from the portal. Prospects can request the template by emailing legal@yumaze.ai.