Data Processing Agreement
Last updated: April 23, 2026
Note for founder: This is a placeholder DPA for practitioner customers. Final version should be prepared by counsel. Most relevant for practitioners listed in the directory who process end-user personal information through their own systems after lead handoff.
Parties
This Data Processing Agreement is between CellIntel.ai ("Controller") and the practitioner or clinic listing on CellIntel.ai ("Processor").
Subject matter
When a CellIntel.ai user opts to contact a practitioner via the directory, the practitioner may receive the user's name and contact information for the purpose of responding to the inquiry. This DPA governs that limited data processing.
Processor obligations
- Use user data only for the purpose of responding to the user's inquiry.
- Implement appropriate technical and organizational security measures.
- Notify CellIntel.ai of any suspected data breach within 48 hours.
- Permit audit by CellIntel.ai or its authorized representative upon reasonable notice.
- Delete user data upon reasonable user request or within 24 months of last contact.
- Comply with applicable HIPAA, HITECH, CCPA, and other data protection laws.
Subprocessors
Practitioners may engage their own subprocessors under equivalent contractual protections.
Liability and indemnification
Practitioner agrees to indemnify CellIntel.ai for any claims, losses, or damages arising from practitioner's breach of this DPA or applicable data protection laws.
Term
This DPA remains in effect for the duration of the practitioner's listing on CellIntel.ai plus a 24-month tail.