Data Processing Agreement

Effective Date: 25/12/2025

Last Updated: 25/12/2025

1. Scope and Role

This DPA applies to the processing of personal data by Overpath Limited ("Processor") on behalf of the Customer ("Controller") in the course of providing the Overpath Services.

  • Controller: The Customer who determines the purpose of data processing.

  • Processor: Overpath Limited, an Irish corporation.

2. Processing of Personal Data

Overpath shall process personal data only on documented instructions from the Customer, including with regard to transfers of personal data to a third country, unless required to do so by European Union or Member State law.

  1. Confidentiality and Training

Overpath ensures that all personnel authorized to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and have received appropriate security awareness training.

  1. Security Measures

Taking into account the state of the art and the nature of the processing, Overpath shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption: Data at rest (AES-256) and data in transit (TLS 1.2+).

  • Access Control: Multi-Factor Authentication (MFA) and Least Privilege access models.

  • Resilience: Regular backups and disaster recovery protocols via AWS infrastructure.

  1. Sub-processors

The Customer provides a general authorization for Overpath to engage sub-processors. Overpath shall:

  • Maintain an up-to-date list of sub-processors.

  • Ensure that any sub-processor is bound by data protection obligations equivalent to those in this DPA.

  • Inform the Customer of any intended changes concerning the addition or replacement of sub-processors.


Please refer to our authorised sub-processors at https://www.overpath.ai/subprocessors.

  1. Data Subject Rights

Overpath shall, insofar as is possible, assist the Customer by appropriate technical and organizational measures for the fulfillment of the Customer’s obligation to respond to requests for exercising the data subject's rights (e.g., access, deletion, or portability).

  1. Personal Data Breach Notification

In the event of a confirmed personal data breach, Overpath shall notify the Customer without undue delay (and in any event within 72 hours) after becoming aware of the breach, providing sufficient information to allow the Customer to meet its obligations to notify authorities or data subjects.

  1. Audit Rights

Overpath shall make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.

Annex 1: Details of Processing

Subject Matter: Provision of the Overpath AI-powered platform.

Duration: The term of the Service Agreement plus the period until all data is deleted or returned.

Nature/Purpose: To provide, maintain, and improve the Services, including AI analysis and automation of tasks and workflows on behalf of the Customer.

Data Types: Names, email addresses, phone numbers, usage data, commercial data.

Data Subjects: Customer employees, end-users, the Customer's customers and prospects, and authorized representatives.

Definitions and legal reference

Overpath (or this Application)

The property that enables the provision of the Service.

© 2026 Overpath Ltd. All Rights Reserved.