Undercom® Contact Us

Data Processing Agreement (DPA)

This Data Processing Agreement (“Agreement”) forms part of the agreement between Undercom® (“Undercom”, “we”, “our”) and the agency or organisation using the Undercom platform (“Controller”, “you”).

This Agreement is designed to meet the requirements of UK GDPR and EU GDPR where Undercom acts as a data processor or software provider.

1. Roles & Scope

Undercom provides a self-hosted, white-label AI chatbot platform to agencies. When the platform is deployed, the agency acts as the Data Controller and determines the purposes and means of processing personal data.

Undercom acts solely as a software provider and, where applicable, a Data Processor, processing data only on the documented instructions of the Controller.

2. Nature of Processing

The platform may process personal data such as chatbot messages, email addresses, IP addresses, and metadata, depending on how the Controller configures the system.

All data processing occurs within infrastructure controlled by the Controller. Undercom does not operate a hosted SaaS environment for production chatbot data.

3. No Access to Personal Data

Undercom does not access, monitor, store, or analyse personal data processed by agency-deployed instances of the platform.

Any access to data for support or troubleshooting purposes will only occur if explicitly requested or authorised by the Controller.

4. Controller Responsibilities

The Controller is responsible for:

  • Ensuring a lawful basis for processing personal data
  • Providing appropriate privacy notices to end users
  • Configuring data retention, deletion, and security settings
  • Responding to data subject rights requests

5. Security Measures

Undercom implements reasonable technical and organisational measures within the software design to support secure deployment. Responsibility for operational security, hosting, and access control rests with the Controller.

6. Sub-processors

Undercom does not appoint sub-processors that process end-user chatbot data by default. Any required sub-processing will be disclosed where applicable.

7. Data Deletion

As data is processed and stored within infrastructure controlled by the Controller, deletion and retention are managed by the Controller. Undercom does not retain copies of personal data.

8. Data Subject Rights

Undercom will provide reasonable assistance to Controllers responding to data subject requests where technically feasible and where access is authorised.

9. Governing Law

This Agreement is governed by the laws of England and Wales.

10. Contact

For questions relating to this Data Processing Agreement, contact: info@undercom.ai

Last updated: 6th February 2026