Happy PageHappy Page
Join waitlist

Data Processing Addendum

Last updated: June 2, 2026

This Data Processing Addendum ("DPA") supplements the Happy Page Terms of Servicebetween Reset, LLC ("Processor") and the business customer ("Controller") that uses the Service to handle personal information about its end users (e.g. callers, leads, website visitors).

1. Roles

For end-user personal information (caller phone numbers, transcripts, form submissions), Controller is the data controller and Reset is the data processor. For Controller's own account, billing, and usage data, Reset acts as an independent data controller — see our Privacy Policy.

2. Subject Matter & Duration

Reset will process end-user personal information solely to provide the Service for the duration of the subscription, plus a reasonable wind-down period.

3. Nature & Purpose

Receiving and routing calls and SMS, transcribing and storing message content, generating AI summaries and replies, and surfacing leads to Controller via the dashboard, email, or push notifications.

4. Categories of Data & Data Subjects

  • Categories of data: phone numbers, names (if provided), call/SMS timestamps, duration, transcripts, optional recordings, message content, IP address, device data.
  • Data subjects: Controller's customers, prospects, and other end users who contact Controller through the Service.

5. Sub-Processors

Reset uses the following sub-processors:

  • Stripe, Inc. — payment processing
  • Twilio Inc. — telephony, SMS, recording, transcription
  • Supabase, Inc. — database, authentication, storage
  • Lovable Cloud — hosting and serverless runtime
  • OpenAI, Anthropic, Google, xAI, Microsoft — AI model providers used for content generation, classification, and summarization (configured to disable training on inputs where supported)

Reset will give at least 14 days' notice of any new or replacement sub-processor by email or in-app notice. Controller may object on reasonable data-protection grounds; if the parties cannot resolve the objection, Controller may terminate the affected portion of the Service.

6. Confidentiality

Reset ensures that personnel authorized to process personal data are bound by appropriate confidentiality obligations.

7. Security Measures

Reset maintains technical and organizational measures appropriate to the risk, including:

  • Encryption in transit (TLS 1.2+) and at rest where supported by sub-processors.
  • Role-based access control and least-privilege access to production systems.
  • Logging, monitoring, and regular backups.
  • Security review of code changes prior to deployment.

8. Personal Data Breach

Reset will notify Controller without undue delay and in any event within 72 hours after becoming aware of a personal data breach affecting end-user personal information, and will provide reasonable cooperation and information to enable Controller to meet its own notification obligations.

9. Assistance & Audits

Reset will assist Controller with data subject requests, DPIAs, and regulator consultations to the extent reasonable. Controller may audit Reset's compliance no more than once per 12 months upon 30 days' written notice, at Controller's expense, subject to confidentiality. Reset may satisfy audit requests by providing recent third-party reports.

10. International Transfers

For transfers of personal data from the EEA, UK, or Switzerland to a country without an adequacy decision, the parties incorporate the Standard Contractual Clauses (Module Two: Controller to Processor) by reference. The UK Addendum and Swiss FADP equivalents apply where relevant.

11. Return or Deletion

On termination, Reset will delete or return all end-user personal data within 60 days, except as required by law. Backups will be overwritten in the ordinary course.

12. Liability

Each party's liability under this DPA is subject to the limitations of liability in the Terms of Service.

13. Order of Precedence

In the event of a conflict between this DPA and the Terms, this DPA controls with respect to processing of end-user personal data.