MSubject: Urgent: DPA (v2.1) Mismatch - End-User Data & OpenAI Not Covered
To Voiceflow Support,
We have an urgent legal issue with your DPA (v2.1, dated Oct 20, 2025). This document is unsuitable for our purpose: building GDPR-compliant bots for our clients.
The problem is twofold:
Incorrect Scope (No End-Users): The DPA, in Annex I.B, only covers PII for our own "employees, contractors" (our developers) for the purpose of "user account creation." The PII (name, email) of our end-users (the "chatters") is not covered.
Incorrect Sub-processor List: Annex III lists only "Amazon Web Services, Inc." as an authorized sub-processor. OpenAI (which we use via the standard AI integration) is not on this legally binding list.
Action Required: Please provide us with the correct DPA that:
Covers the data processing of end-users.
Contains a correct sub-processor list (including OpenAI).
Our projects are completely stalled because of this.
We have an urgent legal issue with your DPA (v2.1, dated Oct 20, 2025). This document is unsuitable for our purpose: building GDPR-compliant bots for our clients.
The problem is twofold:
Incorrect Scope (No End-Users): The DPA, in Annex I.B, only covers PII for our own "employees, contractors" (our developers) for the purpose of "user account creation." The PII (name, email) of our end-users (the "chatters") is not covered.
Incorrect Sub-processor List: Annex III lists only "Amazon Web Services, Inc." as an authorized sub-processor. OpenAI (which we use via the standard AI integration) is not on this legally binding list.
Action Required: Please provide us with the correct DPA that:
Covers the data processing of end-users.
Contains a correct sub-processor list (including OpenAI).
Our projects are completely stalled because of this.
