Effective date: 3 April 2026 · Last updated: 3 April 2026
Summary: When SideMind processes data about your customers on your behalf, we act as your data processor. This agreement sets out how we handle that data responsibly.
1. Purpose
This Data Processing Agreement (DPA) applies between SideMind (ABN 14 649 487 237) as the data processor and the Client as the data controller. It governs the processing of personal data that SideMind handles on behalf of the Client in connection with the services provided.
2. Definitions
Personal Data: Any information relating to an identified or identifiable individual, including names, phone numbers, email addresses, and call recordings
Data Controller: The Client, who determines the purposes and means of processing personal data
Data Processor: SideMind, which processes personal data on behalf of the Client
Processing: Any operation performed on personal data, including collection, storage, use, and deletion
3. Data We Process on Your Behalf
In delivering the SideMind service, we process the following categories of your customers' personal data:
Phone numbers (inbound callers and SMS leads)
Names (where provided during qualification conversations)
Call recordings and transcripts
SMS conversation content
Appointment booking details
Lead qualification responses (property type, energy usage, contact preference)
4. Our Obligations as Data Processor
SideMind agrees to:
Process personal data only on your documented instructions and for the purposes of delivering the service
Ensure all personnel with access to personal data are bound by confidentiality obligations
Implement appropriate technical and organisational security measures
Assist you in responding to individuals exercising their privacy rights
Delete or return personal data upon termination of the service as instructed
Notify you without undue delay upon becoming aware of a personal data breach affecting your customers' data
Provide reasonable assistance to help you comply with applicable privacy laws
5. Sub-Processors
We use the following sub-processors to deliver the service. By agreeing to these terms, you authorise their use:
Retell AI — call recordings and voice AI processing
Twilio Inc — SMS delivery and telephony
Make.com (Celonis) — workflow automation
Google LLC — data storage (Google Sheets)
Anthropic PBC — AI conversation processing via Claude API
Calendly LLC — appointment booking
We will notify you of any intended changes to sub-processors with reasonable advance notice.
6. Your Obligations as Data Controller
As the data controller, you are responsible for:
Ensuring you have a lawful basis for collecting and processing your customers' personal data
Providing appropriate privacy notices to your customers about how their data is used
Ensuring your use of SideMind complies with applicable privacy laws in your jurisdiction
Only instructing us to process data in ways that are lawful
7. Data Retention
We retain customer data processed on your behalf for the duration of your service agreement plus 90 days. After this period, data is securely deleted unless you request earlier deletion or we are legally required to retain it.
8. Security
We implement the following security measures to protect personal data:
Access controls limiting data access to authorised personnel only
Encryption of data in transit via industry-standard TLS
Use of reputable, security-certified third-party platforms
Regular review of access permissions and data handling practices
9. Contact
For data processing enquiries, contact kevin@sidemind.com.au.