revmetrix·ai

Legal

Data Processing Agreement

For customers processing personal data of individuals in the EU/EEA, UK, or other regions with GDPR-equivalent regulations.

1. Roles

You are the data controller of personal data you upload or process through the service. RevMetrix AI is the data processor acting on your documented instructions.

2. Subprocessors

We maintain a current list of subprocessors on our Privacy Policy page. We'll give you 30 days' notice before engaging a new subprocessor.

3. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Access is gated by role-based controls. We audit access logs and rotate keys on a quarterly cadence.

4. International transfers

Where data flows outside the EU/EEA, we use Standard Contractual Clauses (2021/914) and supplementary measures as required.

5. Data subject requests

We'll assist you in fulfilling data subject requests (access, correction, deletion) within statutory deadlines.

6. Signing the DPA

To execute a counter-signed DPA, email legal@revmetrix.ai with your company details.