Back to Home

Data Processing Agreement

Last Modified: January 2026

This Data Protection Agreement ("DPA") amends and forms part of the Master Service Agreement between Municipal Labs LLC, a New Jersey limited liability company ("Municipal Labs") and Customer. Municipal Labs and Customer are individually referred to as a "Party" and collectively as the "Parties". In the event of a conflict between the Agreement and this DPA, the more stringent terms shall govern.

1. Definitions

  • "Applicable Data Protection Law" means all laws and regulations applicable to the Processing of Personal Data under the Agreement, including U.S. state privacy laws such as the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, and any implementing, successor, or equivalent laws.
  • "Controller" means the entity that determines the purposes and means of Processing Personal Data, or such similar term (including "business") as defined under Applicable Data Protection Law.
  • "Processor" means the entity that Processes Personal Data on behalf of a Controller, or such similar term (including "service provider") as defined under Applicable Data Protection Law.
  • "Personal Data" means any information that relates to an identified or identifiable natural person and that is Processed by Municipal Labs on behalf of Customer in connection with the Services.
  • "Customer Data" means any or all of the following: Personal Data, any data or information uploaded, transmitted, provided or submitted by or on behalf of Customer to Processor, any data or information stored, recorded, processed, created, derived or generated by Customer's use of the Services including constituent communications, related metadata, and any classifications, annotations, or other data derived from such information.
  • "Data Subject" refers to the identified or identifiable individual to whom the Personal Data relates.
  • "Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, restriction, erasure, or destruction.
  • "Subprocessor" means a third party authorized under this DPA to Process Personal Data on behalf of Municipal Labs to support the Services.
  • "Security Incident" means a confirmed breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data Processed by Municipal Labs on behalf of Customer. Security Incident does not include unsuccessful attempts or activities that do not compromise the security of Personal Data.

2. Roles and Scope

Customer acts as the Controller with respect to Customer Data, and Municipal Labs acts as the Processor with respect to Customer Data Processed on behalf of Customer in connection with the Services.

Municipal Labs shall Process Personal Data solely on the documented instructions of Customer, including as set forth in the Agreement, this DPA, Customer's configuration and use of the Services, and any written instructions provided by Customer's authorized administrators. Municipal Labs shall not Process Customer Data for any purpose other than as necessary to provide the Services or as otherwise required by applicable law.

3. Customer Obligations

Customer represents and warrants that it has obtained and will maintain all necessary rights, permissions, consents (where applicable), authorities, and lawful bases under Applicable Data Protection Law to provide Customer Data to Municipal Labs for Processing and to instruct Municipal Labs to Process Customer Data for the purposes contemplated by the Agreement and this DPA.

Customer is solely responsible for providing any notices, disclosures, or communications to Data Subjects required under Applicable Data Protection Law, and for establishing, maintaining, and enforcing any internal policies, procedures, or retention schedules applicable to Customer's Processing of Customer Data.

Customer shall ensure that its instructions to Municipal Labs are lawful and compliant with Applicable Data Protection Law. If Municipal Labs reasonably believes that a Customer instruction violates Applicable Data Protection Law, Municipal Labs will notify Customer and may suspend or limit the affected Processing until the instruction is clarified or modified.

4. Processor Obligations

Municipal Labs shall ensure that any person authorized to Process Customer Data on its behalf is subject to appropriate confidentiality obligations and receives access to Customer Data only as necessary to perform their assigned responsibilities.

Municipal Labs shall not:

  • sell Customer Data;
  • retain, use, or disclose Customer Data for any purpose other than providing the Services;
  • share Customer Data for purposes of cross-context behavioral advertising, targeted advertising, or similar activities;
  • use Customer Data to train, fine-tune, or otherwise improve any proprietary or third-party artificial intelligence or machine learning models, except as expressly instructed by Customer in writing; or
  • create aggregated, de-identified, or anonymized datasets derived from Customer Data for its own independent business purposes.

5. Data Processing Restrictions

Customer acknowledges that constituent communications and other Customer Data submitted to or ingested by the Services may contain sensitive information, the presence and processing of which is determined solely by Customer's use and configuration of the Services.

The Services are not designed or intended to Process "protected health information" ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") in a manner that would render Municipal Labs a "business associate."

Customer shall not submit payment card information subject to the Payment Card Industry Data Security Standard ("PCI DSS") through the Services.

Municipal Labs does not download, store, or Process file attachments transmitted with constituent communications. Processing is limited to email body text and inline images.

6. Subprocessors

Customer hereby authorizes Municipal Labs to engage Subprocessors to Process Customer Data on its behalf as necessary to provide, operate, maintain, secure, and support the Services.

Municipal Labs shall enter into a written agreement with each Subprocessor that imposes data protection, confidentiality, and security obligations consistent with this DPA and that are no less protective than the obligations imposed on Municipal Labs.

Current Subprocessors

SubprocessorService DescriptionProcessing Activities
SupabaseManaged PostgreSQL database hosting and related infrastructure servicesHosting and storage of Customer Data; database availability; backup and recovery functions
Google (Gmail API & OAuth)Email integration and authentication services, enabled at Customer directionAccess to Customer-authorized email content and metadata for ingestion into the Services; authentication via OAuth
Microsoft (Azure OpenAI)AI inference servicesAI-assisted inference on redacted content to generate classifications, metadata, and drafting outputs

7. Security Measures

Municipal Labs shall implement and maintain appropriate technical and organizational measures designed to protect Customer Data against Security Incidents and to preserve the confidentiality, integrity, and availability of Customer Data and the systems used to Process it.

Municipal Labs' security measures include, without limitation:

  • Encryption: Encryption of sensitive Customer Data at rest using industry-standard cryptographic algorithms (e.g., AES-256-GCM), with tenant-scoped encryption keys; encryption of data in transit using TLS.
  • Access Controls: Role-based access controls (e.g., administrator, manager, agent) designed to restrict access to Customer Data based on job function and least-privilege principles.
  • Tenant Isolation: Tenant-level logical isolation of Customer Data within shared infrastructure to prevent unauthorized cross-tenant access.
  • AI Processing Controls: Implementation of data minimization and redaction processes designed to remove personally identifiable information from email content prior to AI-assisted inference.
  • Logging and Monitoring: Maintenance of audit logs capturing authentication events, data access events, administrative actions, and AI processing operations.
  • Operational Safeguards: Ongoing monitoring of system performance and security events; documented incident response and escalation procedures.

8. Data Subject Requests

Customer is solely responsible for responding to requests from Data Subjects to exercise any rights under Applicable Data Protection Law with respect to Personal Data Processed in connection with the Services.

Taking into account the nature of the Processing and the information available to Municipal Labs, Municipal Labs shall provide reasonable assistance to Customer in enabling Customer to respond to Data Subject requests, including implementing Customer's documented, lawful instructions to access, correct, delete, restrict, or export Personal Data.

9. Security Incidents

Municipal Labs shall notify Customer without undue delay after becoming aware of a Security Incident affecting Customer Data Processed on behalf of Customer.

To the extent known at the time, Municipal Labs' notice will include:

  • the general nature of the Security Incident;
  • the categories and approximate number of affected Data Subjects and records;
  • likely consequences; and
  • measures taken or proposed to address and mitigate the incident.

10. Data Retention and Deletion

Upon termination or expiration of Customer's account or use of the Services, Municipal Labs shall, in accordance with the Agreement and Customer's documented instructions, delete Customer Data from its active production systems without undue delay, except to the extent retention is required by applicable law.

Customer Data may persist for a limited period in encrypted backups maintained for disaster recovery and business continuity purposes. Such backups are typically retained for approximately seven (7) to thirty (30) days before being overwritten or deleted.

11. Cross-Border Transfers

Customer acknowledges that Customer Data may be Processed in jurisdictions other than the Customer's state or locality, including within the United States, solely as necessary to provide, operate, maintain, and support the Services in accordance with the Agreement and this DPA.

To the extent Applicable Data Protection Law requires specific safeguards or contractual measures in connection with the Processing or transfer of Customer Data, the Parties shall cooperate in good faith to implement such measures as required by law and mutually agreed in writing.

12. Term

This DPA shall commence on the effective date of the Agreement and shall remain in effect for the duration of the Agreement and for so long as Municipal Labs Processes Customer Data on behalf of Customer pursuant to the Agreement or this DPA. Sections of this DPA that by their nature are intended to survive termination or expiration shall survive any termination or expiration of this DPA or the Agreement.

Contact

For questions about this Data Processing Agreement, please contact us at support@municipallabs.ai