Data Processing Agreement
Last updated: June 2026
When Future Ready processes personal data on behalf of a customer, we act as a processor under Article 28 of the GDPR, governed by a Data Processing Agreement. This page summarises that agreement. The full DPA is available on request.
Roles
The customer is the controller and decides why and how personal data is processed. Future Ready is the processor and acts only on the customer's documented instructions.
Scope of processing
We process the data needed to deliver conversation intelligence and coaching: call audio, redacted transcripts, quality scores and related coaching records, for the customer's agents and their customers.
Data residency
All personal data is stored and processed within the EU, in AWS Europe (Stockholm), eu-north-1, as described on our Security page.
Security measures
We apply technical and organisational measures including fail-safe PII redaction, encryption in transit and at rest, least-privilege access, audit logging and independent testing. Details are on our Security page.
Sub-processors
We use a current list of vetted sub-processors, each under a data protection agreement. We give advance notice before adding or replacing one, and you may object.
Assistance and data-subject rights
We help controllers respond to data-subject requests and meet their GDPR obligations, including data protection impact assessments.
Breach notification
We notify affected customers within 48 hours of confirming a personal-data breach, with a follow-up report to support your Article 33 obligations.
Return and deletion
On termination, data is exportable for 30 days, deleted from production within 30 days after that, and purged from backups within 90 days, with written confirmation.
Request the DPA
To put a DPA in place or review the full terms and current sub-processor list, contact our data protection team.
Contact
Questions about this policy or your data? Email our data protection team.