Data Processing Agreement (DPA) for Repilo AI

Last updated: April 12, 2026

This Data Processing Agreement ("DPA") is part of the Terms of Service ("Agreement") between the user ("Customer," "Data Controller," "you") and Repilo AI ("the Software," "the Riley Engine," "Processor," "we," "our," "us"). This DPA governs the processing of personal data performed on behalf of the Customer in connection with the provision of AEO (Artificial Intelligence Engine Optimization) services, in compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).


1. Definitions

  • Data Controller: The entity (your clinic/business) that determines the purposes and means of processing.

  • Data Processor: Repilo AI, which processes personal data on behalf of the Controller.

  • Processing: Any operation performed on data, such as collection, restructuring by the Riley Engine, storage, or AI-generated response delivery.

  • Sub-Processor: Third-party entities (e.g., cloud hosts, LLM API providers) appointed by Repilo AI to assist in service delivery.


2. Roles and Responsibilities

  • Customer as Data Controller: You are responsible for ensuring a legal basis for processing patient and business data and for complying with local health and data privacy laws.

  • Repilo AI as Data Processor: We process personal data solely based on your instructions and the technical parameters set within the Riley Engine.


3. Types of Personal Data Processed

Repilo AI processes the following on your behalf:

  • End-User/Patient Data: Names, emails, public reviews, private feedback, and video testimonials submitted via Riley-optimized capture nodes.

  • Customer/Clinical Data: Professional names, contact info, and login credentials.

  • AEO Telemetry Data: IP addresses, device information, and selection probability data related to your clinical authority.


4. Purpose of Processing

The Riley Engine processes data for:

  • Restructuring clinical metadata for LLM selection.

  • Generating AI-powered responses to patient reviews.

  • Executing automated selection request campaigns (Email/SMS).

  • Deploying AEO widgets and social media authority assets.

  • Generating reputation analytics and AI-visibility reports.


5. Processor Obligations

Repilo AI agrees to:

  • Instructions: Process data only as necessary to provide AEO services and in accordance with your documented configuration.

  • Confidentiality: Ensure all personnel involved in the Riley Engine's operation are bound by strict non-disclosure agreements.

  • Security: Implement AES-256 encryption and high-level organizational safeguards.

  • Breach Notification: Notify the Customer without undue delay upon the discovery of any personal data breach.


6. Customer Obligations

As the Data Controller, you agree to:

  • Provide lawful instructions and maintain valid legal grounds for processing (e.g., patient consent).

  • Provide necessary privacy notices to your patients regarding how their data is used for reputation management.

  • Handle all initial Data Subject requests (access, deletion, etc.), with Repilo AI providing technical assistance.


7. Sub-Processors

Repilo AI utilizes Sub-Processors (such as AWS for hosting and OpenAI/Google for LLM processing). We ensure:

  • All Sub-Processors provide a level of data protection equivalent to this DPA.

  • Customers are notified of significant changes to our Sub-Processor list.

  • Repilo AI remains liable for the data protection performance of its Sub-Processors.


8. International Data Transfers

Where data is transferred outside the EEA or your local jurisdiction, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs), to ensure your clinical data remains protected under the highest global standards.


9. Data Subject Rights

Repilo AI provides the tools necessary for you to fulfill patient requests for data access, rectification, or the "Right to be Forgotten." Any requests received directly by Repilo AI will be forwarded to you for handling.


10. Retention and Deletion

Upon termination of your Riley Sprint or subscription, we will, at your request, delete or return all personal data processed on your behalf, unless retention is required by applicable law.


11. Audit Rights

The Customer may request a technical audit of Repilo AI’s processing activities to ensure compliance with this DPA. Audits shall be conducted during business hours with reasonable notice and at the Customer's expense.


12. Governing Law

This DPA shall be governed by and construed in accordance with the laws of England and Wales.


13. Contact Information

For concerns regarding this DPA or the Riley Data Protocol, please contact our Data Privacy Officer at: Support@repilo.co.uk.

Logo

The Intelligence Engine for Elite Clinical Selection.

PROTOCOL_ACTIVE // AEO_STABLE
Platform
The Engine
Process
Pricing
Presence
Birmingham, UK
Legal
Privacy
Terms of Service
Cookie Policy
DPA (Data Processing Agreement)
© 2026 REPILO INC.
SYSTEM STATUS: OPTIMAL