Oodles Data Processing Agreement (DPA)

Effective Date: May 21, 2025
 Corporation Name: FuelSignal, Inc. DBA Oodles
 Address: 1801 Main Street Ste 1300, Houston, Texas 77002
 Email: info@oodlesai.com
 Phone: 281-845-8479

This Data Processing Agreement (“DPA”) is entered into by and between FuelSignal, Inc. DBA Oodles (“Processor”) and the merchant (“Controller”) using the Oodles platform. This DPA outlines terms governing the collection, processing, and protection of personal data under data protection laws including the GDPR, CCPA, and similar regulations.

1. DEFINITIONS

  • Controller: The merchant using the Oodles platform to collect and process personal data.

  • Processor: FuelSignal, Inc. DBA Oodles, processing data on behalf of the Controller.

  • Data: Personal data or other information submitted to Oodles as part of the Controller’s use of the Platform.

  • Data Subject: Any natural person whose personal data is processed by the Processor on behalf of the Controller.

  • Sub-Processor: A third-party processor engaged by Oodles to process Data on its behalf.

  • Applicable Laws: Includes GDPR (EU) 2016/679, CCPA, CPRA, UK GDPR, and any other data protection regulations.

2. Scope and Purpose of Processing

The Processor shall process Data only as necessary to:

  • Provide the services available on the Oodles platform,

  • Operate AI Agent workflows (e.g., messaging, scheduling, feedback collection),

  • Fulfill documented instructions from the Controller,

  • Comply with applicable legal or regulatory obligations.

The Processor shall not use Data for its own purposes, including AI/ML training, without express consent.

3. Processor Obligations

  • Confidentiality: All personnel with access to Data shall be subject to confidentiality obligations.

  • Security: Processor will implement appropriate technical and organizational measures (e.g., encryption, access control, audits, regular assessments) to ensure Data security.

  • Assistance with Rights Requests: Processor will support the Controller (at the Controller’s expense) in responding to Data Subject requests under GDPR, CCPA, or other applicable laws.

  • Sub-Processors: Processor may engage Sub-Processors but will require written agreements imposing data protection obligations equal to those in this DPA. A list of Sub-Processors is available upon request.

  • Data Breach Notification: Processor shall notify Controller without undue delay after becoming aware of a personal data breach, and provide cooperation in accordance with applicable laws.

  • Use of Google Workspace APIs: Processor will not use any data obtained from Google Workspace APIs for training generalized AI/ML models. Such data is used solely for communication purposes between merchants and their customers and is not retained beyond service delivery.

4. Controller Obligations

  • Lawful Basis: Controller shall ensure that all personal data provided to the Processor has been lawfully collected and that it has a valid legal basis for processing.

  • Data Subject Consent: Controller shall obtain and maintain all necessary consents from Data Subjects, including for any AI-generated communications initiated by the Oodles platform.

  • Instructions: Controller warrants that its processing instructions to the Processor comply with applicable law.

  • Shopify Merchant Responsibility: Where applicable, Shopify merchants agree that store data accessed through Shopify APIs is processed in accordance with permissions granted during app installation.

5. Data Security

Processor maintains commercially reasonable security safeguards including:

  • Secure data storage and encrypted transmission

  • Role-based access control

  • Multi-factor authentication for administrative users

  • Regular vulnerability scanning and penetration testing

While Oodles strives to ensure security, no system is impenetrable, and Controller acknowledges this inherent risk.

6. Term and Termination

This DPA remains in effect for the duration of the Controller’s use of the Oodles platform. Either party may terminate this DPA upon thirty (30) days’ written notice if the other party materially breaches its obligations and fails to cure the breach.

7. Return or Deletion of Data

Upon termination of services or at the written request of the Controller, the Processor will delete or return all Data unless retention is required by law. Deletion will be performed securely and in accordance with industry standards.

8. Audit Rights

Processor shall make available documentation necessary to demonstrate compliance with this DPA and applicable data protection laws. Upon written request, Controller may audit, at its own cost, Processor’s compliance with this DPA subject to reasonable notice, confidentiality agreements, and no more than once annually.

9. Governing Law

This DPA shall be governed by and interpreted in accordance with the laws of the State of Texas, without regard to conflict of law principles.

10. Entire Agreement

This DPA, along with the Terms & Conditions and Privacy Policy, constitutes the entire agreement between the Controller and Processor relating to data processing and supersedes any prior or contemporaneous understandings or agreements.

By using the Oodles platform, the Controller agrees to be bound by the terms of this Data Processing Agreement.


For questions regarding this agreement, contact:
 Email: info@oodlesai.com
 Phone: 281-845-8479
 Address: 1801 Main Street Ste 1300, Houston, Texas 77002

Ready to try oodles to achieve 10X Growth?

Try live demo here