Data Processing Agreement
Last updated: February 20, 2026
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Maaya Software Solutions Pvt Ltd ("Processor", "FeedPi") and the entity subscribing to FeedPi's services ("Controller", "Customer").
1. Definitions
- "Personal Data": Any information relating to an identified or identifiable natural person processed through the FeedPi platform.
- "Processing": Any operation performed on Personal Data, including collection, storage, retrieval, use, disclosure, erasure, or destruction.
- "Sub-processor": A third-party entity engaged by FeedPi to process Personal Data on behalf of the Customer.
- "Data Breach": A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data.
- "Customer Data": All data uploaded or generated by the Customer through FeedPi, including feed formulations, production records, quality control data, and business records.
2. Scope and Purpose
FeedPi processes Personal Data solely for the purpose of providing the feed manufacturing platform services as described in the Terms of Service. The categories of data processed include:
- User account information (names, emails, roles)
- Platform usage and activity logs
- Feed manufacturing data (formulations, batch records, QC results)
- Inventory and procurement data
- Financial and billing records
Data subjects include Customer employees, contractors, and business contacts who access the FeedPi platform.
3. Processor Obligations
FeedPi shall:
- Process Personal Data only on documented instructions from the Customer
- Ensure all personnel authorised to process Personal Data are bound by confidentiality obligations
- Implement appropriate technical and organisational security measures
- Assist the Customer in responding to data subject access requests
- Assist with data protection impact assessments where required
- Delete or return all Personal Data upon termination, at the Customer's choice
- Make available all information necessary to demonstrate compliance
- Allow and contribute to audits conducted by the Customer or their auditor
4. Controller Obligations
The Customer shall:
- Ensure they have a lawful basis for processing Personal Data through FeedPi
- Provide clear, documented processing instructions
- Notify FeedPi promptly of any changes to processing requirements
- Ensure data subjects are informed of the processing
5. Sub-processors
FeedPi uses the following sub-processors to deliver its services:
| Sub-processor | Purpose | Location |
|---|---|---|
| Amazon Web Services | Cloud infrastructure & data storage | Mumbai, India (ap-south-1) |
| Vercel | Website hosting & edge delivery | Global CDN |
| Stripe | Payment processing | United States |
| Resend | Email delivery | United States |
FeedPi will notify the Customer at least 30 days before engaging a new sub-processor or replacing an existing one. The Customer may object to a new sub-processor within 14 days of notification.
6. Security Measures
FeedPi implements the following technical and organisational measures:
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- Network segmentation and firewall protection
- Multi-factor authentication for all internal systems
- Role-based access controls with principle of least privilege
- Automated daily backups with 30-day retention and cross-region replication
- Intrusion detection and real-time monitoring
- Regular penetration testing and vulnerability scanning
- Employee security training and background checks
- Physical security of data centre facilities (managed by AWS)
7. Data Breach Notification
In the event of a Data Breach, FeedPi shall:
- Notify the Customer without undue delay and within 72 hours of becoming aware of the breach
- Provide details including the nature of the breach, categories of data affected, approximate number of records, likely consequences, and measures taken to address the breach
- Take immediate steps to contain and remediate the breach
- Cooperate with the Customer in notifying affected data subjects and regulatory authorities as required
- Document the breach including facts, effects, and remedial actions taken
8. International Transfers
All primary data processing for Indian customers occurs within India (AWS Mumbai ap-south-1). Where international transfers are necessary (e.g., to sub-processors in the US), FeedPi ensures appropriate safeguards are in place, including standard contractual clauses and data processing agreements with sub-processors.
9. Term and Termination
This DPA remains in effect for the duration of the Customer's subscription to FeedPi services. Upon termination, FeedPi will delete or return all Personal Data within 90 days, at the Customer's election, except where retention is required by applicable law.
10. Contact
For DPA-related enquiries:
Data Protection Contact
Maaya Software Solutions Pvt Ltd
Chennai, Tamil Nadu, India
Email: dpo@feedpi.in