Mott Labs, Inc.
Data Processing Agreement
_Effective Date: October 14, 2024

Mott Labs, Inc., a Delaware corporation,_

This Data Processing Agreement (“DPA”) forms part of the agreement between Mott Labs, Inc. (“Processor”) and the entity using Mott’s services (“Controller”) as outlined in the Master Subscription Agreement (“MSA”). This DPA governs the processing of personal data that the Controller provides to the Processor while using the Services.


1. Definitions
1.1 Controller: The entity that determines the purposes and means of processing personal data.
1.2 Processor: Mott Labs, Inc., which processes personal data on behalf of the Controller.
1.3 Personal Data: Any information related to an identified or identifiable individual, as defined under applicable data protection laws.
1.4 Data Protection Laws: Includes the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable

2. Roles and Responsibilities
2.1 Processor’s Obligations

The Processor agrees to:
  • Process personal data only on documented instructions from the Controller.
  • Ensure personnel authorized to process personal data are bound by confidentiality obligations.
  • Implement appropriate technical and organizational measures to ensure data security.
  • Assist the Controller in complying with its obligations under applicable data protection laws, including responding to data subject requests.

2.2 Controller’s Obligations
The Controller agrees to:
  • Obtain all necessary consents and provide notices as required by applicable laws.
  • Ensure that processing instructions comply with applicable data protection laws.

3. Processing Details
3.1 Subject Matter: The processing of personal data to provide the Services.
3.2 Duration: For the term of the MSA or until data is deleted by this DPA.
3.3 Nature and Purpose: Storage, analysis, and other operations necessary for providing the Services.
3.4 Types of Data: Name, email address, user activity, and any additional data uploaded by the Controller.
3.5 Data Subjects: Customers, employees, or other individuals whose data is provided by the

4. Security Measures
The Processor shall implement industry-standard technical and organizational measures to protect personal data, including but not limited to:
  • Data encryption in transit and at rest.
  • Regular security audits and risk assessments.
  • Restricted access based on a need-to-know basis.
  • Incident response procedures to address data breaches.

5. Sub-Processors
5.1 Approved Sub-Processors
The Processor may engage third-party sub-processors to assist in providing the Services. A current list of sub-processors is available upon request.

5.2 Sub-Processor Obligations
The Processor shall ensure that equivalent data protection obligations bind sub-processors as those set out in this DPA.

6. Data Subject Rights
The Processor shall assist the Controller in responding to requests from data subjects, including requests to access, correct, delete, or restrict the processing of their data.

7. Data Transfers
Personal data may be transferred to and processed in countries outside the European Economic Area (EEA) or other regions with comprehensive data protection laws. The Processor shall ensure appropriate safeguards for such transfers, such as standard contractual clauses or other approved mechanisms.

8. Data Breach Notification
In the event of a data breach, the Processor shall:
  • Notify the Controller without undue delay after becoming aware of the breach.
  • Provide information on the nature of the breach, affected data, and measures taken to address it.

9. Data Deletion
Upon termination of the MSA or upon the Controller’s written request, the Processor shall delete or return all personal data, unless applicable laws require retention.

10. Liability
The liability of each party under this DPA is subject to the exclusions and limitations of liability set out in the

11. Governing Law
This DPA is governed by the laws of the State of New York, without regard to conflict-of-law principles.

12. Contact Information
For questions or concerns related to this DPA, please contact: email: privacy@mott.ai

By registering for the Services, the Controller accepts the terms of this Data Processing Agreement.