Legal

Data Processing Addendum

Last updated June 5, 2026. This DPA governs how Monad processes personal information on behalf of customers, and forms part of our Terms of Service.

This Data Processing Addendum (“DPA”) is between the customer (“Customer,” acting as the business / controller) and Juno AI Labs, Inc. (“Monad”, acting as the service provider / processor), and is incorporated into the Terms of Service. It applies to Customer Personal Information that Monad processes to provide the Service.

1. Roles & scope

Customer determines the purposes and means of processing Customer Personal Information; Monad processes it only as a service provider on Customer’s behalf to provide and support the Service. “Personal Information” has the meaning given under applicable U.S. privacy law, including the California Consumer Privacy Act as amended (CCPA/CPRA).

2. Details of processing

  • Subject matter & duration — processing to provide the Service for the term of the agreement and any wind-down period.
  • Nature & purpose — hosting, storing, transmitting, and processing Customer Content (including via AI inference) so the Service and Customer’s agents function.
  • Categories of data subjects — Customer’s authorized users, guests, and any individuals referenced in Customer Content.
  • Categories of Personal Information — identifiers and contact data, account and usage data, and any personal information Customer or its users include in messages, documents, databases, tasks, files, and agent instructions. Customer controls what it submits and should avoid submitting sensitive data it doesn’t intend to.

3. Monad’s obligations as service provider

  • Process Customer Personal Information only on Customer’s documented instructions (including via the Service’s settings) and to provide the Service, unless legally required otherwise.
  • Not sell or share Customer Personal Information, and not retain, use, or disclose it outside the direct business relationship or for any purpose other than providing the Service.
  • Not combine Customer Personal Information with personal information from other sources, except as permitted by CCPA/CPRA to provide the Service.
  • Ensure personnel who access Customer Personal Information are bound by confidentiality obligations.
  • Certify that it understands and will comply with these restrictions.

4. No AI training on Customer data

Monad does not use Customer Personal Information or Customer Content to train, fine-tune, or improve any machine-learning models, and contracts with its AI sub-processors so they do not train their models on it. Aggregated or de-identified data that cannot reasonably identify an individual is not Customer Personal Information.

5. Sub-processors

Customer authorizes Monad to engage the sub-processors identified in our Sub-processor list to process Customer Personal Information. Monad imposes data-protection obligations on each sub-processor that are no less protective than this DPA and remains responsible for their performance. Monad will maintain the list and provide a mechanism to be notified of changes; Customer may object to a new sub-processor on reasonable data-protection grounds.

6. Security

Monad maintains administrative, technical, and physical safeguards appropriate to the risk, including workspace isolation, access controls and authorization checks, encryption of sensitive credentials at rest, and encryption in transit. See our Security page.

7. Security incidents

Monad will notify Customer without undue delay after becoming aware of a breach of security leading to the unlawful destruction, loss, alteration, or unauthorized disclosure of Customer Personal Information, and will provide information reasonably available to help Customer meet its notification obligations.

8. Assistance & data subject requests

Taking into account the nature of the processing, Monad will provide reasonable assistance to help Customer respond to verifiable requests from individuals to access, correct, delete, or port their personal information. If Monad receives such a request directly, it will direct the individual to Customer unless legally required to respond.

9. Return & deletion

On expiry or termination, Customer may export Customer Content from the Service for a reasonable period, after which Monad will delete or de-identify Customer Personal Information except where retention is required by law. Residual copies in backups age out on a rolling schedule.

10. Audits & demonstrating compliance

Monad will make available information reasonably necessary to demonstrate compliance with this DPA, including responding to reasonable documentation requests and, where available, third-party reports or certifications, subject to confidentiality.

11. International transfers & GDPR

Monad processes Customer Personal Information in the United States. This DPA is drafted for U.S. privacy law. If Customer’s processing is subject to the EU or UK GDPR, contact [email protected] to execute our GDPR addendum, which incorporates the applicable Standard Contractual Clauses.

12. Liability & precedence

Each party’s liability under this DPA is subject to the limitations in the Terms of Service. If this DPA conflicts with the Terms regarding the processing of Customer Personal Information, this DPA controls.

13. Contact

Data-protection questions and requests: [email protected] or [email protected].