Hobb Data Processing Addendum

Last updated / Effective date: July 11, 2026

This Data Processing Addendum ("DPA") forms part of, and is incorporated by reference into, the Terms of Service (the "Agreement") between Redo AI, Inc. ("Redo AI," "Processor," "Service Provider") and the customer that accepts the Agreement ("Customer," "Controller," "Business"). It governs Redo AI's processing of Personal Data on Customer's behalf in providing the Hobb service (the "Service"). Where there is a conflict between this DPA and the Agreement on the subject of data protection, this DPA controls.

By accepting the Agreement, Customer accepts this DPA on behalf of itself and, to the extent required, the entities it represents.

1. Definitions

  • "Personal Data" means information relating to an identified or identifiable natural person that Redo AI processes on Customer's behalf under the Agreement.
  • "Customer Personal Data" means Personal Data within Customer Data, including data about Customer's contacts, leads, and clients ("Contact Data") and the content of communications Customer processes through the Service.
  • "Data Protection Laws" means all laws applicable to the processing of Personal Data under the Agreement, including the California Consumer Privacy Act as amended by the CPRA ("CCPA"), other U.S. state privacy laws, and, where applicable, the EU/UK GDPR.
  • "Controller," "Processor," "Business," "Service Provider," "Sub-processor," "Data Subject," and "processing" have the meanings given in the applicable Data Protection Laws.
  • Terms not defined here have the meanings in the Agreement.

2. Roles and scope

2.1 Roles. For Customer Personal Data, Customer is the Controller / Business and Redo AI is the Processor / Service Provider, processing only on Customer's documented instructions. For account-registration, billing, and Service-usage/security data that Redo AI determines the purposes and means of, Redo AI acts as an independent Controller/Business under its Privacy Policy.

2.2 Instructions. The Agreement, this DPA, and Customer's use and configuration of the Service constitute Customer's complete and documented instructions. Redo AI will not process Customer Personal Data for any other purpose, and will inform Customer if, in its opinion, an instruction infringes Data Protection Laws.

2.3 Details of processing. The subject-matter, duration, nature and purpose of processing, categories of Personal Data, and categories of Data Subjects are described in Annex A.

3. CCPA / U.S. service-provider terms

3.1 Redo AI is a Service Provider (and, where applicable, a Processor) with respect to Customer Personal Data. Redo AI will not: (a) sell or share Customer Personal Data (as those terms are defined under the CCPA); (b) retain, use, or disclose it for any purpose other than the business purposes of providing the Service specified in the Agreement, or as otherwise permitted by the CCPA; (c) retain, use, or disclose it outside the direct business relationship between the parties; or (d) combine it with Personal Data from other sources except as permitted by the CCPA.

3.2 Redo AI certifies that it understands the restrictions in this Section and will comply with them. Redo AI will notify Customer if it determines it can no longer meet its obligations under Data Protection Laws.

4. Confidentiality

Redo AI will ensure that personnel authorized to process Customer Personal Data are bound by appropriate confidentiality obligations and access it only as needed to provide the Service.

5. Security

Redo AI will implement and maintain appropriate technical and organizational measures designed to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access, as described in Annex B. Customer is responsible for configuring the Service, managing access, and using it in a secure manner.

6. Sub-processors

6.1 Customer provides general authorization for Redo AI to engage Sub-processors to process Customer Personal Data. Redo AI's current Sub-processors are listed at hobb.ai/legal/subprocessors.

6.2 Redo AI will impose data-protection obligations on each Sub-processor that are no less protective than those in this DPA, and remains responsible for its Sub-processors' performance.

6.3 Redo AI will provide a mechanism to receive notice of intended changes to its Sub-processors (for example, by updating the Sub-processor page or by email to a subscribed address), giving Customer the opportunity to object on reasonable data-protection grounds. If Customer objects, the parties will work in good faith to resolve the concern; if they cannot, Customer may terminate the affected Service.

7. Data-subject requests

Taking into account the nature of the processing, Redo AI will provide reasonable assistance (including through Service functionality) to enable Customer to respond to requests from Data Subjects to exercise their rights under Data Protection Laws. If Redo AI receives such a request directly, it will, where permitted, direct the Data Subject to Customer or promptly notify Customer.

8. Personal-data breach

Redo AI will notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Customer Personal Data, and will provide information reasonably available to it to help Customer meet its notification obligations. Redo AI will take reasonable steps to mitigate and remediate the breach.

9. Deletion and return

On termination or expiry of the Agreement, Redo AI will, at Customer's choice, delete or return Customer Personal Data within a reasonable period, and delete existing copies except to the extent retention is required by law. Certain data may persist in routine backups for a limited period before deletion. Customer may also delete data, and configure deletion schedules for call recordings and transcripts, through the Service.

10. Audits

Redo AI will make available information reasonably necessary to demonstrate compliance with this DPA and will allow for and contribute to audits, including inspections, conducted by Customer or an auditor mandated by Customer, subject to reasonable confidentiality, security, frequency, and notice conditions. Redo AI may satisfy this obligation by providing third-party certifications, reports, or summaries where available.

11. International transfers

The Service is currently provided from the United States. If Customer Personal Data protected by the EU/UK GDPR is processed under the Agreement, the parties will implement an appropriate transfer mechanism (such as the EU Standard Contractual Clauses and/or the UK International Data Transfer Addendum, and/or the EU-U.S. Data Privacy Framework where applicable), which will be incorporated into this DPA by reference and prevail over conflicting terms with respect to such data.

12. Liability

Each party's liability arising out of or related to this DPA is subject to the limitations and exclusions of liability set out in the Agreement.

13. General

This DPA is governed by the same law and dispute-resolution terms as the Agreement. If any provision is invalid or unenforceable, the remainder remains in effect.


Annex A — Details of processing

  • Subject-matter: provision of the Hobb Service.
  • Duration: the term of the Agreement, plus any legally required or configured retention period.
  • Nature and purpose: hosting, syncing, reading, capturing, organizing, transcribing, extracting from, and enabling communication across Customer's email, voice, SMS, and WhatsApp channels; generating contacts, scores, and tasks; billing and support; security.
  • Categories of Data Subjects: Customer's authorized users; and Customer's contacts, leads, clients, and other correspondents.
  • Categories of Personal Data: identifiers (names, email addresses, phone numbers); communications content (email, SMS, WhatsApp, drafts); call recordings and transcripts (where enabled); professional/business information; usage and device data; derived records (scores, tasks); and, incidentally, any sensitive information contained in communications (which Customer is responsible for minimizing per the Acceptable Use Policy).
  • Sub-processors: as listed at hobb.ai/legal/subprocessors.

Annex B — Technical and organizational measures

Redo AI maintains measures including: encryption of Personal Data in transit and at rest; encryption of stored third-party credentials with tightly controlled keys; per-organization data isolation enforced at the application-query layer; least-privilege access scopes (including a Gmail scope ladder that never includes send access); fail-closed production configuration; secret management with rotation procedures; access controls and authentication for personnel; monitoring and logging; a privacy-preserving pipeline that scrubs personal identifiers from message text before AI processing; and incident-response procedures. These measures may be updated over time provided the level of protection is not materially decreased.

Annex C — Contact

Data-protection contact: privacy@joinredo.comRedo AI, Inc., c/o Legalinc Corporate Services Inc., 131 Continental Drive, Suite 305, Newark, DE 19713, USA.