Effective date: 20 June 2026 · Last updated: 20 June 2026
Summary: When SideMind processes data about your customers on your behalf, we act as your data processor. This agreement sets out how we handle that data responsibly.
1. Purpose
This Data Processing Agreement (DPA) applies between SideMind (ABN 14 649 487 237) as the data processor and the Client as the data controller. It governs the processing of personal data that SideMind handles on behalf of the Client in connection with the services provided.
2. Definitions
Personal Data: Any information relating to an identified or identifiable individual, including names, phone numbers, email addresses, and conversation records
Data Controller: The Client, who determines the purposes and means of processing personal data
Data Processor: SideMind, which processes personal data on behalf of the Client
Processing: Any operation performed on personal data, including collection, storage, use, and deletion
3. Data We Process on Your Behalf
In delivering the SideMind service, we process the following categories of your customers' personal data:
Phone numbers (web form leads, SMS leads, and inbound callers where voice features are deployed)
Names and email addresses (where provided during qualification conversations)
SMS conversation content from lead qualification and quote follow-up workflows
Quote details and follow-up status
Appointment booking details
Lead qualification responses relevant to your business (service interest, timing, budget range, contact preference)
Call recordings and transcripts where AI voice agent features are deployed for a specific client
4. Our Obligations as Data Processor
SideMind agrees to:
Process personal data only on your documented instructions and for the purposes of delivering the service
Ensure all personnel with access to personal data are bound by confidentiality obligations
Implement appropriate technical and organisational security measures
Assist you in responding to individuals exercising their privacy rights
Delete or return personal data upon termination of the service as instructed
Notify you without undue delay upon becoming aware of a personal data breach affecting your customers' data
Provide reasonable assistance to help you comply with applicable privacy laws
5. Sub-Processors
We use the following sub-processors to deliver the service. By agreeing to these terms, you authorise their use:
HighLevel Inc (GoHighLevel): CRM, phone number, SMS and voice messaging, call recordings where voice features are deployed, and booking
Sinch MessageMedia (Message4U Pty Ltd): SMS delivery, receiving, and sender ID
Make.com (Celonis): moving data between systems
Google LLC: data storage and calendar (Google Sheets and Google Calendar)
Calendly LLC: appointment booking
Netlify Inc: website hosting
Stripe, Inc: payment processing
Anthropic PBC: AI processing of messages and conversations via Claude
We will notify you of any intended changes to sub-processors with reasonable advance notice.
6. Your Obligations as Data Controller
As the data controller, you are responsible for:
Ensuring you have a lawful basis for collecting and processing your customers' personal data
Providing appropriate privacy notices to your customers about how their data is used
Ensuring your use of SideMind complies with applicable privacy laws in your jurisdiction
Only instructing us to process data in ways that are lawful
7. Data Retention
We retain customer data processed on your behalf for the duration of your service agreement plus 90 days. After this period, data is securely deleted unless you request earlier deletion or we are legally required to retain it.
8. Security
We implement the following security measures to protect personal data:
Access controls limiting data access to authorised personnel only
Encryption of data in transit via industry-standard TLS
Use of reputable, security-certified third-party platforms
Regular review of access permissions and data handling practices
9. Contact
For data processing enquiries, contact kevin@sidemind.com.au.