Data Processing Addendum

Data processing commitments, privacy safeguards, and controller-processor responsibilities for VexylCloud.

Book Demo Start Free Trial

Privacy and processing

Baseline data processing terms for evaluation and contracted services.

This Data Processing Addendum summarizes the standard processing framework VexylCloud uses when handling customer data in connection with evaluations, onboarding, and contracted platform services.

Roles

Customers act as controllers or businesses for their customer and operational data. VexylCloud acts as processor or service provider to the extent it processes that data on their behalf.

Purpose limitation

Data is processed only to deliver the contracted services, support the platform, secure the environment, investigate incidents, and meet legal or contractual obligations.

Instructions

Customer instructions are defined by the platform configuration, applicable agreements, and documented service scope unless otherwise agreed in writing.

Categories of data and processing activity

  • Account, user, and tenant administration data
  • Operational workflow data used to deliver the platform features under contract
  • Support, incident, and audit data reasonably necessary to secure and operate the service
  • Limited sales or evaluation data where applicable to onboarding or rollout planning

Security measures

VexylCloud applies administrative, technical, and organizational safeguards appropriate to the service model, provider capabilities, and the nature of the data involved. Public summaries of those controls are described in the Trust Center.

Subprocessors

Core subprocessors and infrastructure providers are listed at /subprocessors/. VexylCloud may update that list as the platform evolves.

Data subject rights assistance

Where applicable, VexylCloud will provide reasonable assistance for requests involving access, deletion, correction, export, or restriction, subject to contractual scope, technical feasibility, and applicable law.

Incident notice

Confirmed material incidents affecting customer data are investigated, contained, and communicated without undue delay, consistent with applicable law and contract.

Return and deletion

At the end of the applicable service term, data return and deletion are handled according to the customer agreement, product capabilities, backup/retention requirements, and legal obligations.

Contractual note

This page describes the standard processing position for public evaluation and procurement review. Customer-specific or negotiated DPA terms may supplement or replace this summary in a signed agreement.