In this Agreement, the following terms have the meanings set out below:
"Agreement" means this Master Service Agreement together with all Order Forms and Schedules (including the Data Processing Addendum at Schedule 1 and the Order Form provisions at Schedule 2).
"Authorised Users" means the Customer's employees, contractors, and agents who are permitted to access and use the Services under the Customer's account.
"Business Day" means any day other than a Saturday, Sunday, or public holiday in England.
"Confidential Information" means any information disclosed by one party to the other that is designated as confidential or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of its disclosure, including (without limitation) pricing, technical architecture, product roadmaps, and Customer Data.
"Customer Data" means all data, content, contact lists, recordings, transcripts, and other information submitted to or generated by the Services through the Customer's use, including any personal data therein.
"Data Processing Addendum" or "DPA" means Schedule 1 to this Agreement, which governs the processing of personal data by TensorSound on behalf of the Customer.
"Documentation" means the technical and functional documentation for the Services made available by TensorSound at its support portal or on request.
"Fees" means the subscription fees, usage charges, and any other amounts payable by the Customer as specified in the Order Form.
"Intellectual Property Rights" means all patents, rights to inventions, copyright and related rights, moral rights, trade marks, trade names, domain names, rights in get-up, goodwill, design rights, database rights, rights in computer software, rights in confidential information (including know-how and trade secrets), and all other intellectual property rights, whether registered or unregistered, and including all applications for and renewals or extensions of such rights.
"Order Form" means the commercial order document, online checkout, or written proposal signed or accepted by both parties that specifies the Services, subscription plan, Fees, Subscription Term, and any other agreed commercial terms.
"Platform" means TensorSound's proprietary AI voice automation platform, including all software, APIs, infrastructure, machine learning models, and associated tools operated by TensorSound.
"Services" means the AI voice automation services, features, and functionality described in the Order Form and Documentation, provided via the Platform.
"Subscription Term" means the period specified in the Order Form during which the Customer is entitled to access and use the Services.
"Usage Limits" means any quantitative limits on the Customer's use of the Services set out in the Order Form (including, for example, call minutes, number of campaigns, or number of Authorised Users).
Subject to the Customer's compliance with this Agreement and timely payment of all Fees, TensorSound grants the Customer a limited, non-exclusive, non-transferable, non-sublicensable right to access and use the Services during the Subscription Term solely for the Customer's internal business purposes.
The Customer may permit Authorised Users to access and use the Services up to the number specified in the Order Form. The Customer is responsible for all acts and omissions of its Authorised Users as if they were the Customer's own. The Customer shall: (a) ensure that Authorised Users comply with this Agreement; (b) maintain the confidentiality of all account credentials; and (c) promptly notify TensorSound of any actual or suspected unauthorised access to the Customer's account.
Where an Order Form specifies a Service Level Agreement ("SLA"), TensorSound will provide the Services in accordance with that SLA. Where no SLA is specified, TensorSound will use commercially reasonable efforts to maintain service availability of 99.5% per calendar month (excluding scheduled maintenance and events beyond TensorSound's reasonable control).
TensorSound may perform scheduled maintenance that temporarily interrupts the Services. TensorSound will use reasonable efforts to provide at least 48 hours' advance notice of planned maintenance windows and to schedule them outside Business Hours (09:00–18:00 UK time, Monday to Friday).
TensorSound may modify, update, or enhance the Services from time to time. TensorSound will use commercially reasonable efforts to provide advance written notice of any material changes that would materially and adversely reduce the functionality of the Services as used by the Customer.
TensorSound will provide technical support in accordance with the support tier specified in the Order Form. Where no support tier is specified, TensorSound will provide reasonable email support during Business Hours via support@tensorsound.com, with a target first response within one Business Day.
The Customer shall: (a) provide accurate, complete, and up-to-date information when registering and throughout the Subscription Term; (b) use the Services only as permitted under this Agreement and in compliance with all applicable laws and regulations; (c) ensure it has obtained all necessary rights, licences, consents, and permissions to submit Customer Data to the Services and to make calls using the Services; and (d) co-operate reasonably with TensorSound to enable TensorSound to perform its obligations under this Agreement.
The Customer shall not, and shall ensure its Authorised Users do not:
The Customer acknowledges that the use of AI-assisted and automated voice calling is subject to regulation by Ofcom, the ICO, and other authorities. The Customer is solely responsible for: (a) obtaining, recording, and maintaining all necessary consents from call recipients prior to initiating calls using the Services; (b) screening all contact lists against the TPS, CTPS, and any internal suppression lists before uploading them to the Services; (c) complying with all Ofcom-mandated requirements regarding calling line identification (CLI); (d) ensuring that all recordings or transcripts generated by the Services are collected, stored, and used in accordance with applicable data protection legislation; and (e) registering with the ICO if required to do so in connection with its use of the Services.
The Customer acknowledges that the Services use artificial intelligence and machine learning technology. AI-generated outputs — including voice transcripts, call summaries, lead qualification data, and recommendations — may contain errors, omissions, or inaccuracies. The Customer is solely responsible for reviewing and validating AI outputs before relying on them for any business decision or regulatory purpose.
The Customer shall pay the Fees specified in the Order Form. All Fees are stated exclusive of UK VAT (or any other applicable taxes or levies), which the Customer shall pay at the prevailing rate in addition to the Fees.
Unless otherwise specified in the Order Form: (a) subscription fees are invoiced in advance (monthly or annually as specified); (b) usage-based charges are invoiced monthly in arrears; (c) invoices are issued electronically to the billing contact specified in the Order Form; and (d) payment is due within 14 days of the invoice date.
If the Customer fails to pay any undisputed amount by the due date, TensorSound may: (a) charge interest on overdue amounts at 8% per annum above the Bank of England base rate, in accordance with the Late Payment of Commercial Debts (Interest) Act 1998; and (b) after giving 7 days' written notice, suspend the Customer's access to the Services until all overdue amounts are paid in full.
TensorSound may adjust Fees on no less than 30 days' prior written notice. If the Customer does not accept the adjusted Fees, it may terminate the relevant Order Form by written notice to take effect at the end of the then-current billing period and shall receive a pro-rata refund of any prepaid Fees for the period after the termination date.
If the Customer disputes any invoice in good faith, it shall notify TensorSound in writing within 14 days of receipt, providing reasonable details of the dispute. The Customer shall pay undisputed amounts by the due date.
Except as expressly set out in this Agreement or required by applicable law, all Fees paid are non-refundable. Any service credits issued by TensorSound under an applicable SLA are applied to future invoices and have no cash value.
TensorSound and its licensors retain all Intellectual Property Rights in and to the Platform, the Services, the Documentation, and all improvements, modifications, and derivative works thereof. No rights in or to the Platform or Services are transferred or granted to the Customer except the limited use rights expressly set out in clause 2.1.
The Customer retains all Intellectual Property Rights in Customer Data. The Customer grants TensorSound a non-exclusive, worldwide, royalty-free licence to access, store, process, and use Customer Data solely to the extent necessary to provide the Services and perform its obligations under this Agreement.
To the extent the Customer or its Authorised Users provide TensorSound with suggestions, ideas, or feedback regarding the Services ("Feedback"), the Customer assigns to TensorSound all rights in such Feedback. TensorSound may freely use and incorporate Feedback into its products and services without restriction or compensation.
TensorSound may generate and use aggregated, de-identified, anonymised data derived from the Customer's use of the Services (in a form that does not identify the Customer or any individual) for purposes including service improvement, benchmarking, research, and development of new features.
Each party agrees to: (a) hold the other party's Confidential Information in strict confidence; (b) not disclose Confidential Information to any third party without the prior written consent of the disclosing party; and (c) use Confidential Information only for the purposes of exercising its rights or performing its obligations under this Agreement.
Each party may disclose Confidential Information to its employees, officers, contractors, professional advisers, and (in the case of TensorSound) approved sub-processors who have a legitimate need to know and are bound by obligations of confidentiality no less stringent than those in this clause 6.
Confidentiality obligations do not apply to information that: (a) is or becomes publicly available through no act or omission of the receiving party; (b) was already in the possession of the receiving party before disclosure, free of any confidentiality obligation; (c) is independently developed by the receiving party without reference to the Confidential Information; or (d) is required to be disclosed by applicable law or court order, provided the receiving party gives prompt written notice and cooperates with any request to limit the scope of the disclosure.
Confidentiality obligations under this clause 6 continue for five (5) years after termination or expiry of this Agreement.
Where the Customer's use of the Services involves TensorSound processing personal data on behalf of the Customer, the parties shall be bound by the Data Processing Addendum set out at Schedule 1 of this Agreement, which forms an integral part of this Agreement.
The Customer is the data controller in respect of Customer Data that constitutes personal data and is solely responsible for: (a) ensuring that its collection, use, and submission of personal data to the Services complies with all applicable data protection legislation, including UK GDPR and the Data Protection Act 2018; (b) providing all required privacy notices to data subjects; and (c) having a valid lawful basis for processing personal data using the Services.
TensorSound warrants that: (a) it has the full right, power, and authority to enter into this Agreement and to provide the Services; (b) it will provide the Services with reasonable skill and care, consistent with prevailing industry standards; and (c) the Services will perform materially in accordance with the Documentation during the Subscription Term.
Where TensorSound materially fails to meet the warranty in clause 8.1(c) and the Customer notifies TensorSound in writing, TensorSound will use reasonable efforts to remedy the failure within a reasonable time. If TensorSound is unable to remedy the failure within 30 days of notification, the Customer may terminate the affected Order Form on written notice and receive a pro-rata refund of prepaid Fees attributable to the remaining period. This clause 8.2 sets out the Customer's sole and exclusive remedy for any breach of clause 8.1(c).
The Customer warrants that: (a) it has the full right, power, and authority to enter into this Agreement; (b) its use of the Services will comply with all applicable laws and regulations; and (c) it has obtained all necessary rights, consents, and permissions to submit Customer Data to the Services and to conduct calls using the Services.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT AS EXPRESSLY SET OUT IN THIS AGREEMENT, THE SERVICES ARE PROVIDED "AS IS" AND TENSORSOUND DISCLAIMS ALL OTHER WARRANTIES, CONDITIONS, AND REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
TensorSound does not warrant that: (a) the Services will be error-free, uninterrupted, or free from defects at all times; (b) AI-generated outputs will be accurate, complete, or fit for any particular purpose; or (c) the Services will meet any specific regulatory requirements applicable to the Customer's industry or jurisdiction beyond those described in the Documentation.
Subject to clauses 9.3 and 9.4, each party's total aggregate liability arising out of or in connection with this Agreement shall not exceed the greater of: (a) the total Fees paid or payable by the Customer in the twelve (12) months immediately preceding the event giving rise to the claim; or (b) £5,000.
Subject to clauses 9.3 and 9.4, neither party shall be liable to the other for any: (a) loss of profits or revenue; (b) loss of business, contracts, or anticipated savings; (c) loss of goodwill or damage to reputation; (d) loss, corruption, or destruction of data; (e) wasted management time; or (f) indirect, special, incidental, or consequential loss or damage, however arising.
Nothing in this Agreement limits or excludes either party's liability for: (a) death or personal injury caused by its negligence; (b) fraud or fraudulent misrepresentation; (c) any other liability that cannot be excluded or limited under applicable law.
The Customer acknowledges that TensorSound has no liability for any fines, penalties, enforcement action, compensation claims, or other regulatory sanctions imposed on the Customer by Ofcom, the ICO, or any other regulatory body arising from the Customer's use of the Services, including any failure by the Customer to comply with its obligations under clause 3.3.
The parties acknowledge that the limitations and exclusions of liability in this clause 9 are reasonable having regard to all circumstances, including the Fees payable under this Agreement, and reflect an allocation of risk agreed between commercially sophisticated parties.
The Customer shall indemnify, defend, and hold harmless TensorSound and its directors, officers, employees, and agents against any and all third-party claims, actions, proceedings, losses, damages, fines, penalties, and reasonable legal costs arising from or in connection with: (a) the Customer's breach of this Agreement, including the Acceptable Use Policy at clause 3.2 or the Regulatory Compliance obligations at clause 3.3; (b) the Customer's violation of any applicable law in connection with its use of the Services; or (c) any claim that Customer Data, or the Customer's use of Customer Data in connection with the Services, infringes the rights of any third party.
TensorSound shall indemnify, defend, and hold harmless the Customer against any third-party claims that the Services, as provided by TensorSound and used by the Customer strictly in accordance with this Agreement, infringe the Intellectual Property Rights of any third party in the United Kingdom. This indemnity does not apply to claims arising from: (a) modification of the Services by or on behalf of the Customer; (b) combination of the Services with hardware, software, or services not provided by TensorSound; (c) the Customer's use of the Services in violation of this Agreement; or (d) any Customer Data.
The indemnifying party's obligations under this clause 10 are conditional on the indemnified party: (a) promptly (and in any event within 10 Business Days) notifying the indemnifying party in writing; (b) giving the indemnifying party sole control of the defence and settlement of the claim; (c) not making any admission or settlement without the indemnifying party's prior written consent; and (d) providing all reasonable assistance at the indemnifying party's cost.
The Customer may, on no less than 30 days' prior written notice and no more than once per calendar year, request that TensorSound provide written confirmation or evidence of TensorSound's compliance with its obligations under this Agreement relating to data protection, information security, and sub-processor management. TensorSound may satisfy this obligation by providing relevant certifications, third-party audit reports, or written attestations in lieu of an on-site audit. Any audit shall be conducted at the Customer's cost and shall not unreasonably disrupt TensorSound's operations.
This Agreement commences on the Effective Date and continues until all Order Forms have expired or been terminated, unless terminated earlier in accordance with this clause 12.
Each Order Form specifies its initial Subscription Term. Unless either party gives written notice of non-renewal at least 60 days before the end of the then-current Subscription Term, the Order Form will automatically renew for a further period equal to the initial Subscription Term (or 12 months if the initial term exceeds 12 months) at the then-current Fees. Where an Order Form specifies a monthly rolling subscription, either party may terminate by giving no less than 30 days' written notice, to take effect at the end of the then-current monthly billing period.
Either party may terminate this Agreement or any Order Form by written notice with immediate effect if: (a) the other party commits a material breach and (where the breach is capable of remedy) fails to remedy it within 30 days of receiving written notice specifying the breach; or (b) the other party becomes insolvent, is subject to a petition for winding up or administration, or makes a voluntary arrangement with its creditors.
TensorSound may terminate this Agreement or any Order Form immediately on written notice if it reasonably determines that the Customer's use of the Services is causing or is likely to cause TensorSound to be in breach of applicable law or regulation, or to suffer regulatory action.
On termination or expiry: (a) all licences and access rights immediately cease; (b) the Customer shall promptly cease all use of the Services and delete or return any Documentation; (c) all accrued but unpaid Fees become immediately due and payable; (d) except where the Customer has terminated for TensorSound's material breach, no refunds shall be payable for prepaid Fees; and (e) TensorSound shall retain Customer Data for 30 days following termination, during which the Customer may request a data export. Thereafter, TensorSound shall delete or destroy Customer Data in accordance with the Data Processing Addendum.
The following clauses survive termination or expiry: 1 (Definitions), 5 (Intellectual Property), 6 (Confidentiality), 9 (Limitation of Liability), 10 (Indemnification), 12.5 (Effect of Termination), and 13 (General Provisions).
This Agreement and any non-contractual obligations arising out of or in connection with it are governed by and construed in accordance with the law of England and Wales.
Each party irrevocably submits to the exclusive jurisdiction of the courts of England and Wales to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with this Agreement.
Neither party shall be in breach of this Agreement or liable for delay or failure in performing any obligation to the extent caused by circumstances beyond that party's reasonable control, including acts of God, pandemic or epidemic, flood, fire, government action, civil unrest, cyberattack by third parties, or failure of third-party telecommunications networks ("Force Majeure Event"). If a Force Majeure Event continues for more than 30 consecutive days, either party may terminate the affected Order Form on 14 days' written notice without liability, and TensorSound shall refund any prepaid Fees for the period after the termination date.
Neither party may assign, novate, or transfer any of its rights or obligations under this Agreement without the prior written consent of the other party, which shall not be unreasonably withheld or delayed. TensorSound may assign this Agreement without consent to a successor entity in a merger, acquisition, or sale of all or substantially all of its assets, provided TensorSound gives the Customer prompt written notice.
TensorSound may engage sub-processors and subcontractors in the provision of the Services, provided that TensorSound remains responsible for their acts and omissions. Sub-processors used to process personal data are governed by the Data Processing Addendum.
Each party shall comply with all applicable laws relating to anti-bribery and anti-corruption, including the Bribery Act 2010.
This Agreement, together with all Order Forms and Schedules, constitutes the entire agreement between the parties relating to its subject matter and supersedes all prior and contemporaneous agreements, representations, warranties, and understandings relating to that subject matter.
No amendment or variation of this Agreement is effective unless made in writing and signed by authorised representatives of both parties. TensorSound may update these standard terms from time to time and will give no less than 30 days' prior written notice of any material changes. The Customer's continued use of the Services after expiry of the notice period constitutes acceptance of the updated terms.
No failure or delay by either party in exercising any right or remedy under this Agreement shall constitute a waiver of that right or remedy.
If any provision of this Agreement is found to be invalid, illegal, or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid and enforceable. If such modification is not possible, the relevant provision shall be deemed deleted, and the remaining provisions shall continue in full force and effect.
Notices under this Agreement shall be in writing and delivered by email to the addresses specified in the Order Form. Notices are deemed received on the next Business Day after sending, provided no delivery failure notification is received. TensorSound's notice address is: legal@tensorsound.com.
This Agreement does not create any rights in favour of any third party under the Contracts (Rights of Third Parties) Act 1999.
The parties are independent contractors. Nothing in this Agreement creates any partnership, joint venture, agency, franchise, or employment relationship between the parties.
This Agreement may be executed in counterparts, each of which shall constitute an original. Electronic signatures and electronic acceptance (including click-through acceptance via the Platform) are binding and have the same legal effect as handwritten signatures.
"Applicable Data Protection Law" means all applicable legislation and regulations relating to the processing of personal data in force from time to time, including: (a) the UK General Data Protection Regulation (as defined in section 3 of the Data Protection Act 2018) ("UK GDPR"); (b) the Data Protection Act 2018 ("DPA 2018"); (c) the Privacy and Electronic Communications Regulations 2003 ("PECR"); and (d) any successor legislation to the foregoing.
"Controller" has the meaning given in UK GDPR Article 4(7) and refers to the Customer for the purposes of this DPA.
"Data Subject" has the meaning given in UK GDPR Article 4(1).
"Personal Data" has the meaning given in UK GDPR Article 4(1) and refers to personal data within Customer Data that TensorSound processes on behalf of the Customer.
"Personal Data Breach" has the meaning given in UK GDPR Article 4(12).
"Processing" (and "Process", "Processes", "Processed") has the meaning given in UK GDPR Article 4(2).
"Processor" has the meaning given in UK GDPR Article 4(8) and refers to TensorSound for the purposes of this DPA.
"Restricted Transfer" means a transfer of Personal Data to a country or territory outside the United Kingdom that is not subject to an adequacy decision made by the UK Secretary of State under UK GDPR Article 45.
"Standard Contractual Clauses" or "SCCs" means the standard contractual clauses for the transfer of personal data to third countries adopted by the European Commission or, as applicable, the International Data Transfer Agreement ("IDTA") or the International Data Transfer Addendum ("IDTA Addendum") issued by the ICO under section 119A of the Data Protection Act 2018.
"Sub-processor" means any processor engaged by TensorSound to carry out Processing activities on behalf of the Customer in connection with the Services.
2.1 The parties acknowledge that in connection with the Services, the Customer acts as Controller and TensorSound acts as Processor of Personal Data within Customer Data.
2.2 Each party shall comply with its obligations under Applicable Data Protection Law in its respective capacity.
2.3 Where TensorSound also processes personal data as a Controller (for example, personal data of the Customer's employees or contacts for TensorSound's own business purposes such as account management and invoicing), it does so under TensorSound's own Privacy Policy and not under this DPA.
The following information is provided in accordance with UK GDPR Article 28(3):
Provision of AI voice automation services, including outbound calling, campaign management, call recording, transcription, and lead qualification, as described in the MSA and Order Form.
TensorSound will Process Personal Data for the duration of the Subscription Term and for a period of 30 days following expiry or termination of the relevant Order Form, after which TensorSound will delete or destroy Personal Data in accordance with clause 9 of this DPA (unless a longer retention period is required by applicable law).
Collection, recording, storage, organisation, structuring, retrieval, use, transmission, analysis (including AI-based analysis and transcription), and deletion of Personal Data.
To provide the Services to the Customer in accordance with the MSA and Order Form, including: (a) making and receiving telephone calls on behalf of the Customer; (b) recording, transcribing, and analysing call audio; (c) managing customer contact lists and campaign data; (d) generating call summaries, transcripts, and qualification data; and (e) providing reporting, analytics, and audit records.
The Customer is responsible for ensuring that no special category data (as defined in UK GDPR Article 9) is submitted to the Services unless TensorSound has given prior written consent and appropriate safeguards are in place.
TensorSound shall Process Personal Data only: (a) on documented instructions from the Customer, as set out in this DPA and the MSA; and (b) as otherwise required by applicable law (in which case TensorSound shall, to the extent permitted by law, inform the Customer before Processing). If TensorSound reasonably believes that an instruction from the Customer would cause TensorSound to violate Applicable Data Protection Law, TensorSound shall promptly notify the Customer and shall not be required to follow that instruction until it is amended.
TensorSound shall ensure that all personnel authorised to Process Personal Data are subject to appropriate confidentiality obligations and are informed of the confidential nature of Personal Data.
TensorSound shall implement and maintain appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. The minimum security measures maintained by TensorSound are set out in Annex B of this DPA.
(a) The Customer hereby grants TensorSound general written authorisation to engage Sub-processors, subject to the conditions in this clause 4.4.
(b) TensorSound shall maintain a current list of Sub-processors as set out in Annex A. TensorSound shall notify the Customer of any intended changes by email with no less than 14 days' notice before the change takes effect.
(c) If the Customer reasonably objects to a new Sub-processor on legitimate data protection grounds, it shall notify TensorSound in writing within 14 days of receiving notice. If the parties cannot agree within a further 14 days, the Customer may terminate the affected Order Form on 30 days' written notice and receive a pro-rata refund of prepaid Fees.
(d) TensorSound shall impose data protection obligations on each Sub-processor by way of a written contract that provides at least equivalent protections to those in this DPA. TensorSound remains fully responsible to the Customer for the acts and omissions of its Sub-processors.
Taking into account the nature of the Processing and the information available to it, TensorSound shall provide reasonable assistance to the Customer (at the Customer's cost) to enable the Customer to fulfil its obligations to respond to requests from Data Subjects exercising their rights under Applicable Data Protection Law. TensorSound shall promptly forward to the Customer any Data Subject request received directly by TensorSound that relates to Personal Data Processed under this DPA.
TensorSound shall provide reasonable assistance to the Customer (at the Customer's cost) in connection with: (a) implementing appropriate technical and organisational measures to ensure the security of Processing (Article 32 UK GDPR); (b) notifying the ICO and Data Subjects of Personal Data Breaches (Articles 33–34 UK GDPR); (c) conducting data protection impact assessments and prior consultations with the ICO (Articles 35–36 UK GDPR); and (d) complying with any other data protection obligations applicable to the Customer.
TensorSound shall notify the Customer without undue delay, and in any event within 72 hours of becoming aware, of any Personal Data Breach affecting Personal Data Processed under this DPA. TensorSound's notification shall include, to the extent available: (a) a description of the nature of the breach; (b) the name and contact details of TensorSound's data protection contact; (c) the likely consequences of the breach; and (d) the measures taken or proposed to address the breach and mitigate its effects. The Customer is responsible for notifying the ICO and any affected Data Subjects where required by Applicable Data Protection Law.
TensorSound shall maintain, in accordance with UK GDPR Article 30(2), records of all categories of Processing activities carried out on behalf of the Customer.
The Customer shall: (a) comply with Applicable Data Protection Law in its capacity as Controller, including having a valid lawful basis for Processing Personal Data using the Services; (b) ensure that all Personal Data submitted to the Services has been collected lawfully and that all required privacy notices have been provided to Data Subjects; (c) ensure that no special category data or children's data is submitted to the Services without TensorSound's prior written agreement and appropriate additional safeguards; (d) be responsible for the accuracy, quality, and legality of all Customer Data; and (e) promptly inform TensorSound of any changes to its Processing instructions that may affect TensorSound's obligations under this DPA.
TensorSound's primary processing infrastructure is located in the United Kingdom. Personal Data is by default Processed within the UK unless sub-processor involvement requires transfer as set out in Annex A.
Where Personal Data is transferred to a Sub-processor located outside the United Kingdom, TensorSound shall ensure that appropriate safeguards are in place, including: (a) an adequacy decision by the UK Secretary of State (UK GDPR Article 45); (b) the UK International Data Transfer Agreement (IDTA) or the UK International Data Transfer Addendum to the EU Standard Contractual Clauses; or (c) another appropriate safeguard permitted under UK GDPR Article 46. The transfer mechanism applicable to each Sub-processor is set out in Annex A.
Where TensorSound or a Sub-processor relies on the UK Extension to the EU-US Data Privacy Framework ("UK-US Data Bridge") as the transfer mechanism, TensorSound shall ensure the relevant entity is certified under the UK-US Data Bridge and shall monitor such certification on an ongoing basis.
7.1 The Customer may exercise the audit rights set out in clause 11 of the MSA. TensorSound shall provide all information reasonably necessary to demonstrate compliance with this DPA and shall allow for and contribute to audits and inspections conducted by the Customer or an independent auditor, subject to: (a) reasonable advance notice of at least 30 days; (b) agreement on the scope, timing, and duration of the audit (not to exceed 2 Business Days without TensorSound's consent); (c) execution of any reasonable confidentiality undertaking; and (d) the Customer bearing all costs of any audit.
7.2 TensorSound may satisfy an audit request by providing relevant third-party audit reports, ISO certifications, or penetration test summaries (subject to appropriate redaction) in lieu of a Customer-conducted audit, where reasonably sufficient.
TensorSound shall treat all Personal Data Processed under this DPA as Confidential Information, subject to the confidentiality obligations set out in clause 6 of the MSA.
9.1 On expiry or termination of the relevant Order Form or this DPA (whichever is earlier), TensorSound shall (at the Customer's choice) delete or return all Personal Data to the Customer within 30 days of the Customer's written request.
9.2 TensorSound shall confirm in writing to the Customer once deletion is complete.
9.3 TensorSound may retain Personal Data for longer where required by applicable law (for example, for tax or regulatory purposes), but shall not otherwise Process it except for the purposes of such retention.
9.4 Where TensorSound provides a data export capability within the Platform, the Customer is responsible for initiating an export prior to the end of the 30-day retention period.
10.1 Each party's liability under this DPA is subject to the limitations and exclusions set out in clause 9 of the MSA.
10.2 If TensorSound is held liable for a data protection claim or fine arising from the Customer's instructions or the Customer's failure to comply with Applicable Data Protection Law in its capacity as Controller, the Customer shall indemnify TensorSound in accordance with clause 10.1 of the MSA.
10.3 Nothing in this DPA limits either party's liability to Data Subjects or to supervisory authorities (including the ICO) under Applicable Data Protection Law.
This DPA applies for so long as TensorSound Processes Personal Data on behalf of the Customer under the MSA. It terminates automatically when all Personal Data has been returned or deleted in accordance with clause 9 of this DPA.
The following Sub-processors are authorised as at the date of this DPA. TensorSound will notify the Customer of changes in accordance with clause 4.4(b).
| Sub-processor | Purpose | Personal Data Shared | Location | Transfer Mechanism |
|---|---|---|---|---|
| Telnyx LLC | Telephony infrastructure — routing, originating and terminating voice calls | Phone numbers, call audio | USA | UK-US Data Bridge / UK IDTA |
| SMTP2GO (Mailout Pty Ltd) | Transactional email delivery (account notifications, reports) | Name, email address | Australia / USA | UK IDTA (SCCs apply) |
| Cloudflare, Inc. | CDN, DDoS protection, and DNS for tensorsound.com | IP address, HTTP request metadata | Global (EEA + UK PoPs primary) | Cloudflare UK DPA / UK IDTA |
| Netlify, Inc. | Static website hosting (tensorsound.com — minimal personal data) | IP address, access logs | USA | UK IDTA (SCCs apply) |
TensorSound maintains the following minimum technical and organisational measures:
| Role | Contact |
|---|---|
| TensorSound data protection contact | support@tensorsound.com |
| TensorSound legal / compliance | hello@tensorsound.com |
| ICO (UK supervisory authority) | ico.org.uk · 0303 123 1113 |
By executing the MSA or Order Form, the parties agree to be bound by the terms of this Data Processing Addendum.
The commercial terms governing this Agreement — including the Customer's identity, subscription plan, fees, vehicle or usage commitments, implementation scope, support tier, and Subscription Term — are set out in the Order Form executed concurrently with or subsequent to this Agreement. Each Order Form:
A current Order Form template is available from TensorSound on request at hello@tensorsound.com.