Vouchexa Header Fixed
Login Start trial
Features How it works Pricing Contact Login Start trial
Data Processing Agreement – Vouchexa

Data Processing Agreement

Last updated: January 2025

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between the Customer (“you”, “your”) and Vouchexa (“we”, “us”, “our”) and governs our processing of personal data on your behalf.

1. Purpose of This Agreement

This DPA ensures compliance with data protection laws including the General Data Protection Regulation (GDPR). It describes how Vouchexa processes, protects, and handles personal data that you submit through our platform.

2. Roles of the Parties

Under this agreement:

  • You (the Customer) are the “Data Controller”.
  • Vouchexa is the “Data Processor”.

You determine the purpose and means of processing customer data. We process such data only based on your instructions.

3. Types of Data Processed

Vouchexa may process the following categories of data:

  • Customer names
  • Email addresses or phone numbers for review requests
  • Review data and feedback responses
  • Business account details
  • Technical data (IP, browser, device information)

4. Instructions for Processing

Vouchexa will process personal data solely for:

  • Providing the review management platform
  • Sending review requests at your direction
  • Storing and displaying review analytics
  • Maintaining security and functionality of the service

We will not process data for any other purpose without your explicit consent.

5. Data Security Measures

We implement industry-standard security measures including:

  • Encrypted data transmission (HTTPS/SSL)
  • Secure cloud storage environments
  • Access control and authentication layers
  • Data minimization policies

6. Confidentiality

All personnel who process personal data for Vouchexa are bound to strict confidentiality obligations and undergo regular training.

7. Sub-Processors

Vouchexa may use trusted third-party service providers (“Sub-Processors”) to deliver parts of the service. These may include:

  • Hosting providers (cloud servers)
  • Email/SMS sending services
  • Analytics services
  • Payment processors (such as Stripe)

All Sub-Processors must adhere to GDPR-compliant processing standards.

8. International Data Transfers

If data must be transferred outside the EU/EEA, we ensure compliance with GDPR via:

  • Standard Contractual Clauses (SCCs)
  • Approved transfer mechanisms
  • Verified secure data centers

9. Data Subject Rights

As the Data Controller, you are responsible for handling data subject requests such as:

  • Access requests
  • Correction requests
  • Deletion (right to be forgotten)
  • Objection or restriction requests

We will assist you in fulfilling these requests when required.

10. Data Breach Notification

In the event of a data breach affecting your customers’ data, we will notify you without undue delay and provide relevant details and assistance.

11. Data Retention & Deletion

Personal data is retained only for as long as necessary to provide our service. Upon account termination or written request, we will delete or return all personal data unless legally required to retain it.

12. Liability

Our liability is governed by the Vouchexa Terms of Service. This DPA does not extend liability beyond that agreement.

13. Updates to This Agreement

We may update this DPA periodically. The “Last updated” date will always reflect the newest version.

14. Contact Information

If you have questions about this Data Processing Agreement, you may contact us at:

Email: support@vouchexa.com

Scroll to Top