Last updated: June 2026
This Data Processing Addendum (“DPA”) forms part of the agreement between the customer (“Controller”) and Osora (“Processor”) and governs Osora's processing of personal data on the Controller's behalf. To execute a countersigned copy, email richie@getnolea.com.
The Controller determines the purposes and means of processing; Osora processes personal data only on documented instructions to provide the service — capturing recorded sessions and compiling them into governed skills, with the processing described in our Privacy Policy.
The Osora service is hosted in the United States (US-East): application compute and the primary database (Neon, AWS us-east-1) are co-located there. In-region data residency for the EU or other regions is available to Enterprise customers on request — contact us to scope it.
Where personal data is transferred from the EEA, UK, or Switzerland to the United States, the transfer is governed by the European Commission's Standard Contractual Clauses (SCCs) (and the UK Addendum / Swiss addendum as applicable), together with the technical and organizational measures below.
Osora uses the following sub-processors, each under a data-processing agreement:
We give notice of new sub-processors and an opportunity to object. Enterprise customers may use Bring-Your-Own-Key (BYOK) to keep AI processing within their own environment.
Osora assists the Controller in responding to data-subject requests (access, rectification, erasure, portability), notifies the Controller without undue delay on becoming aware of a personal-data breach, and deletes or returns personal data on termination (default: deletion within 30 days), subject to legal retention requirements.
See also our Privacy Policy and Terms of Service.