top of page

DATA PROCESSING AGREEMENT (DPA)

Effective Date: 06-Dec-2025
Between:
DesignlensUX Studio Private Limited (“Processor”), registered in Kangra, Himachal Pradesh, India
and
The Customer (“Controller”)

This Data Processing Agreement (“Agreement”) forms part of the Terms of Service and governs how DesignlensUX processes Personal Data on behalf of the Customer.

1. Definitions

“Applicable Law”

Includes India’s Digital Personal Data Protection Act (DPDP Act), and applicable international privacy standards where relevant.

“Controller”

The Customer who determines the purpose and means of processing Personal Data.

“Processor”

DesignlensUX Studio Private Limited, which processes Personal Data on behalf of the Controller.

“Personal Data”

Any data relating to an identifiable individual submitted or collected through the Platform.

“Sub-Processors”

Third-party service providers engaged by the Processor to support processing activities.

2. Subject Matter of Processing

DesignlensUX processes Personal Data solely for:

  • AI-based UX Benchmarking

  • Generating UX/UI reports

  • User journey analysis

  • Platform functionality, login, dashboards

  • Improving algorithms and platform performance

  • Customer support

  • Hosting, analytics, and security

  • Fraud monitoring and abuse detection

3. Types of Personal Data Processed

The Processor may process the following customer data categories:

  • Name

  • Email address

  • Login and authentication details

  • Website URLs submitted for analysis

  • UX performance data extracted from websites

  • Uploaded files (PNG, JPG)

  • Platform usage logs

  • User journey metrics (aggregated or anonymized)

  • Analytics data (device, browser, IP, interactions)

  • Payment metadata processed by Razorpay (the Processor does not store card or banking details)

No sensitive personal data is intentionally collected.

4. Roles & Responsibilities

4.1 Controller Responsibilities

The Customer confirms that:

  • They have the legal right to submit any data or website for analysis.

  • They provide all required notices to end-users.

  • They ensure compliance with applicable laws.

4.2 Processor Responsibilities

DesignlensUX shall:

  • Process Personal Data only according to the Customer’s instructions.

  • Not sell or misuse Personal Data.

  • Maintain appropriate technical and organizational security measures.

  • Assist the Customer in responding to data subject requests.

5. Sub-Processors

The Processor engages the following Sub-Processors:

Hosting & Infrastructure

  • Wix – website hosting, platform delivery

  • Google Cloud Platform – server hosting, data storage, logs

Analytics & Tracking

  • Google Analytics

  • Google Tag Manager

AI Processing Providers

  • OpenAI

  • Google Vertex AI

  • Google Gemini models

Payments

  • Razorpay – payment processing (DesignlensUX does not store card data)

Business Tools (Generic)

  • Zoho Tools (emails, CRM, internal operations)

  • Google Workspace (email and collaboration)

  • GitHub (code hosting; no customer data stored intentionally)

The Customer grants authorization for the Processor to use these Sub-Processors.

6. International Data Transfers

Customer data may be transferred to servers located in:

  • United States (Google Cloud, OpenAI)

  • EU or global (Wix)

  • Other regions as required by Sub-Processors

All transfers occur using secure and encrypted channels.

7. Security Measures

The Processor implements appropriate measures including:

  • Encryption in transit

  • Access controls and authentication

  • Firewall and intrusion monitoring

  • Secure hosting environment

  • Regular audits and vulnerability checks

  • Data minimization

  • Logging and monitoring

The Customer acknowledges no system can be 100% secure.

8. Data Subject Rights

The Processor will assist the Controller in responding to:

  • Access requests

  • Deletion requests

  • Correction requests

  • Objections or portability requests

Requests must be submitted to:
📧 contactus@designlensux.com

9. Data Retention

DesignlensUX retains Customer Personal Data:

  • For the duration of the customer’s active account

  • Up to 12 months after last activity, OR

  • Until the customer deletes their account

After this, data will be securely deleted or anonymized.

The Processor may retain minimal logs for security, fraud prevention, or legal obligations.

10. Data Breach Notification

In the event of a confirmed data breach affecting Customer Personal Data:

  • The Processor will notify the Customer within 72 hours

  • The notification will include known details, risks, and mitigation steps

  • The Processor will cooperate fully in compliance efforts

11. Customer Data Ownership

The Customer retains full ownership of:

  • All data submitted

  • All website URLs

  • All uploaded files

  • All behavioral or UX data analyzed

The Processor claims no ownership over Customer data.

12. Processor Restrictions

The Processor shall NOT:

  • Sell Customer data

  • Use Customer data for advertising

  • Combine Customer data with third-party datasets

  • Process data beyond the scope of this Agreement

13. Termination

Upon termination of the customer’s account:

  • All Customer data will be deleted or anonymized within the retention window

  • Backups will be removed in accordance with system cycles

  • Customer may request immediate deletion earlier

14. Governing Law & Jurisdiction

This Agreement is governed by:

  • Indian Law, including the DPDP Act

  • Jurisdiction of Himachal Pradesh, India

15. Changes to Sub-Processors or Terms

The Processor may update Sub-Processors or terms as needed.
Material changes will be communicated to the Customer.

16. Contact Information

For privacy or data protection queries:

📧 contactus@designlensux.com
DesignlensUX Studio Private Limited
Kangra, Himachal Pradesh, India

bottom of page