Customer Data Processing Addendum

Last Updated: April 2026

If you would like a signed copy of this Addendum, please contact our Legal Team.

This Customer Data Processing Addendum, including its exhibits and appendices (the “Addendum”), is entered into between Politek LLC d/b/a RedVoice AI, a Florida limited liability company (“RedVoice AI,” “Politek,” “we,” “us,” or “our”), and the client entity or person accepting this Addendum (“Client”) (each, a “Party” and collectively, the “Parties”).

This Addendum is incorporated into and forms part of the RedVoice AI Managed Communications Services Agreement and any applicable Statement of Work, Order Form, or other written addendum executed by the Parties (collectively, the “Agreement”). This Addendum applies only where and to the extent RedVoice AI Processes Customer Personal Data on behalf of Client in connection with the Services under the Agreement.

In the event of a conflict between this Addendum and the Agreement, this Addendum will control solely with respect to Processing governed by this Addendum. In all other respects, the Agreement remains the prevailing commercial document.

1. Definitions

For purposes of this Addendum:

• “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with a Party.
• “Agreement” means the RedVoice AI Managed Communications Services Agreement, together with any Statement of Work, Order Form, or written addendum executed by the Parties.
• “Applicable Data Protection Laws” means the privacy, data protection, and data security laws applicable to RedVoice AI’s Processing of Customer Personal Data under the Agreement, including applicable U.S. federal and state privacy laws, breach notification laws, wiretap and recording laws, and consumer privacy laws, in each case as amended from time to time.
• “Client Data” has the meaning given in the Agreement and includes scripts, prompts, contact lists, campaign-specific creative materials, call data, message data, workflow data, and other data, content, or materials made available by or on behalf of Client in connection with the Services.
• “Customer Personal Data” means Personal Data contained within Client Data that RedVoice AI Processes on behalf of Client in connection with the Services under the Agreement. Customer Personal Data does not include information RedVoice AI processes as a controller for its own business administration, billing, account management, legal compliance, fraud prevention, security monitoring, or internal operations.
• “Deidentified Data” means data that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular individual, household, or Client, and that is maintained in deidentified form using reasonable technical and organizational safeguards.
• “Personal Data,” “Personal Information,” “Process” or “Processing,” “Controller,” “Business,” “Service Provider,” “Processor,” “Sub-Processor,” “Data Subject,” and “Personal Data Breach” shall have the meanings assigned under Applicable Data Protection Laws to the extent such laws apply.
• “Services” means the managed inbound and outbound communications services, analytics, operational support, and related services described in the Agreement.
• “Sub-Processor” means a third party engaged by or on behalf of RedVoice AI to Process Customer Personal Data in connection with the Services.

Capitalized terms not defined in this Addendum have the meanings given in the Agreement.

2. Scope and Applicability

2.1 Duration.

This Addendum takes effect on the effective date of the Agreement and remains in effect for so long as RedVoice AI Processes Customer Personal Data on behalf of Client under the Agreement.

2.2 Scope.

This Addendum applies only to Processing of Customer Personal Data by RedVoice AI on behalf of Client in connection with the Services under the Agreement. It does not apply to data RedVoice AI Processes as an independent business for its own internal business purposes, except to the extent required by Applicable Data Protection Laws.

2.3 U.S.-Focused Scope.

The Parties acknowledge that the Services are intended primarily for U.S.-based campaigns, advocacy groups, organizations, and related entities, and that this Addendum is drafted primarily to address U.S.-applicable privacy and data security obligations. If the Parties later agree in writing to processing governed by non-U.S. data protection laws, they may execute a supplemental addendum addressing those requirements.

3. Roles of the Parties

3.1 Client is the party that determines the purposes and means of communications campaigns, outreach strategy, scripts, prompts, target lists, lawful basis for contact, opt-out practices, and the overall use of Client Data under the Agreement.

3.2 RedVoice AI acts as a processor, service provider, or equivalent downstream service provider, as applicable, when Processing Customer Personal Data on behalf of Client in connection with the Services.

3.3 To the extent Client is itself a processor or service provider for another party, RedVoice AI acts as Client’s sub-processor or subcontractor, as applicable.

4. Processing of Customer Personal Data

4.1

RedVoice AI shall Process Customer Personal Data only:

• to provide, operate, maintain, secure, support, troubleshoot, improve, and administer the Services under the Agreement;
• to carry out Client’s documented instructions as reflected in the Agreement, Statements of Work, support requests, campaign setup, scripts, prompts, workflows, suppressions, and related operational directives;
• to comply with applicable law, legal process, or binding governmental requests; and
• for RedVoice AI’s internal business purposes that are permitted by Applicable Data Protection Laws and not inconsistent with Client’s rights under the Agreement.

4.2

Client instructs RedVoice AI to Process Customer Personal Data as reasonably necessary to perform the Services, including without limitation collecting, recording, storing, hosting, transmitting, routing, calling, texting, transcribing, analyzing, tagging, scoring, prioritizing, classifying, reporting on, and otherwise using Customer Personal Data in connection with the Services.

4.3

RedVoice AI may use Customer Personal Data and Client Data in aggregated, anonymized, or deidentified form for any lawful business purpose, including without limitation:

• analytics;
• benchmarking;
• reporting;
• service improvement;
• product development;
• workflow optimization;
• model tuning and evaluation;
• creation of internal or external audience insights, trends, or performance metrics; and
• lawful advertising, marketing, promotion, audience building, or first-party data uses,

provided that such use does not identify Client, any Data Subject, or any specific campaign except where separately authorized by Client or otherwise permitted by law.

4.4

Nothing in this Addendum prohibits RedVoice AI from creating, using, licensing, commercializing, or otherwise exploiting aggregated, anonymized, or deidentified data, analytics, insights, models, learnings, or derived works, so long as such materials do not identify Client or any individual except as otherwise permitted by law.

4.5

To the extent RedVoice AI uses aggregated, anonymized, or deidentified data under this Section, RedVoice AI shall maintain reasonable measures designed to preserve the deidentified nature of such data and not knowingly attempt to reidentify it, except where permitted by law for testing, validation, security, compliance, or product integrity purposes.

5. Client Instructions; Client Responsibilities

5.1

Client represents and warrants that it has all necessary rights, permissions, consents, and lawful bases required to provide Customer Personal Data to RedVoice AI and to authorize RedVoice AI to Process such data under the Agreement and this Addendum.

5.2

Client remains solely responsible for:

• the legality of its contact lists, scripts, prompts, disclosures, targeting criteria, and campaign objectives;
• obtaining and documenting any required consents;
• compliance with TCPA, CAN-SPAM, TSR, mini-TCPA laws, recording laws, campaign-contact rules, privacy laws, and other applicable regulations; and
• determining whether and how to use the analytics, reports, classifications, or other outputs generated through the Services.

5.3

RedVoice AI is not responsible for providing legal advice to Client and does not independently verify the sufficiency of Client’s lawful basis, consent records, or campaign compliance.

6. Personnel and Confidentiality

RedVoice AI shall take reasonable steps to ensure that any personnel with access to Customer Personal Data:

• are bound by confidentiality obligations;
• have access only on a need-to-know basis; and
• receive reasonable security and privacy training appropriate to their role.

7. Security of Processing

7.1

RedVoice AI shall maintain commercially reasonable administrative, technical, and organizational safeguards designed to protect Customer Personal Data against unauthorized or unlawful access, destruction, loss, alteration, disclosure, or use.

7.2

Such safeguards may include, as appropriate:

• access controls;
• role-based permissions;
• encryption in transit and at rest where reasonably appropriate;
• logging and monitoring;
• backup and disaster recovery practices;
• vulnerability management; and
• incident response procedures.

7.3

Client acknowledges that no system is completely secure and that the Services rely on third-party platforms, networks, APIs, cloud providers, telecommunications carriers, AI providers, analytics vendors, and other Third-Party Services as described in the Agreement.

8. Sub-Processors

8.1 General Authorization.

Client authorizes RedVoice AI to engage Sub-Processors in connection with the Services.

8.2 Categories of Sub-Processors.

Sub-Processors may include telecommunications carriers, messaging providers, voice infrastructure providers, cloud hosting providers, AI model providers, CRM platforms, analytics providers, payment processors, security vendors, and support vendors.

8.3 Sub-Processor Obligations.

RedVoice AI shall impose contractual obligations on Sub-Processors that are reasonably designed to protect Customer Personal Data in a manner appropriate to the nature of the Processing.

8.4

RedVoice AI remains responsible for its Sub-Processors to the extent required by Applicable Data Protection Laws.

9. Data Subject Requests

To the extent required by Applicable Data Protection Laws, RedVoice AI shall provide reasonable assistance to Client in responding to verifiable Data Subject requests relating to Customer Personal Data, taking into account the nature of the Processing and the functionality of the Services.

10. Personal Data Breaches

10.1

If RedVoice AI becomes aware of a Personal Data Breach affecting Customer Personal Data, RedVoice AI shall notify Client without undue delay.

10.2

RedVoice AI shall provide information reasonably available to it regarding the nature of the incident, the categories of data involved, and the remediation measures taken or proposed.

10.3

RedVoice AI shall take commercially reasonable steps to investigate, contain, mitigate, and remediate the Personal Data Breach.

10.4

Notice under this Section does not constitute an admission of fault or liability.

11. Deletion, Return, and Retention

11.1

During the term of the Agreement, RedVoice AI shall provide Client with reasonable means, consistent with the Services, to access, export, or delete Customer Personal Data where supported by the Platform.

11.2

Upon termination or expiration of the Agreement, RedVoice AI may delete, retain, or return Customer Personal Data in accordance with the Agreement, this Addendum, RedVoice AI’s retention practices, and Applicable Data Protection Laws.

11.3

Notwithstanding anything to the contrary, RedVoice AI may retain Customer Personal Data or portions thereof:

• for billing reconciliation;
• to resolve carrier disputes;
• for fraud prevention and abuse detection;
• for security logging and incident investigation;
• to comply with legal obligations, legal holds, audits, or regulatory inquiries;
• in backup or archival systems subject to appropriate safeguards; and
• as otherwise permitted by Applicable Data Protection Laws and the Agreement.

11.4

Aggregated, anonymized, or deidentified data, and any analytics, models, benchmarks, or derived works that do not identify Client or a Data Subject, may be retained indefinitely for lawful business purposes.

12. Audits and Information Rights

12.1

Upon reasonable written request, RedVoice AI shall make available information reasonably necessary to demonstrate compliance with this Addendum, subject to confidentiality, security, and proportionality limitations.

12.2

Any audit rights shall be limited to what is required by Applicable Data Protection Laws and shall be conducted in a manner that minimizes disruption, protects the confidentiality of other clients, and preserves RedVoice AI’s proprietary and security-sensitive information.

13. U.S. Privacy Law Commitments

To the extent applicable U.S. state privacy laws apply, RedVoice AI shall:

• Process Customer Personal Data for the business purposes described in the Agreement and this Addendum;
• not sell or share Customer Personal Data in violation of Applicable Data Protection Laws;
• not retain, use, or disclose Customer Personal Data outside the direct business relationship with Client except as permitted by law and this Addendum; and
• provide reasonable cooperation to Client to support Client’s compliance obligations under applicable U.S. privacy laws.

14. No International Regime by Default

The Parties acknowledge that the Services are not presently intended for non-U.S. clients. Accordingly, this Addendum does not incorporate the GDPR, UK GDPR, Swiss terms, or SCCs by default.

If the Parties later agree in writing that RedVoice AI will Process Customer Personal Data subject to non-U.S. data protection laws, the Parties may adopt a supplemental international data transfer addendum or additional jurisdiction-specific terms at that time.

15. Liability

This Addendum is subject to the Agreement’s exclusions, disclaimers, indemnities, and limitations of liability, except to the extent prohibited by Applicable Data Protection Laws.

16. Amendment

RedVoice AI may update this Addendum from time to time to reflect changes in law, regulation, services, sub-processors, security practices, or operational requirements, provided that no such update materially reduces Client’s rights under this Addendum without notice.

17. General

• 17.1 This Addendum is intended to align with the Agreement and with RedVoice AI’s Terms of Service and Privacy Policy, but the Agreement remains the prevailing commercial document.
• 17.2 If any provision of this Addendum is invalid or unenforceable, the remaining provisions remain in effect.
• 17.3 This Addendum may be disclosed to regulators, supervisory authorities, or courts where required by law.
• 17.4 By executing the Agreement or otherwise accepting the Services where this Addendum applies, Client agrees to this Addendum.