Back to Home

Data Processing Addendum

legal.dpa.lastUpdated

English Only

The English version is the legally binding version. Translations are provided for reference only.

This Data Processing Addendum ("DPA") supplements the Terms of Service and governs the processing of personal data under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Definitions

"Controller" means the Customer using the Services, who determines the purposes and means of processing personal data.

"Processor" means Crubing LLC ("Zavu"), which processes personal data on behalf of the Controller.

"Personal Data" means any information relating to an identified or identifiable natural person.

"Processing" means any operation performed on personal data, including collection, storage, use, and deletion.

2. Scope of Processing

Zavu processes personal data on behalf of the Controller to deliver messaging services. The categories of data processed include:

  • Phone numbers and email addresses of message recipients
  • Message content and metadata
  • Delivery status and timestamps
  • Contact information and preferences

3. Controller Obligations

The Controller agrees to:

  • Ensure lawful basis for processing personal data
  • Obtain necessary consents from data subjects
  • Provide clear and accurate processing instructions to Zavu
  • Comply with all applicable data protection laws

4. Processor Obligations

Zavu agrees to:

  • Process personal data only on documented instructions from the Controller
  • Ensure personnel are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Assist the Controller in fulfilling data subject rights
  • Delete or return personal data upon termination of the Services
  • Make available information necessary to demonstrate compliance

5. Security Measures

Zavu implements industry-standard technical and organizational measures to ensure data security, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and audits
  • Incident response and breach notification procedures
  • Employee training on data protection

6. Subprocessors

Zavu uses subprocessors as described in our Privacy Policy. The Controller authorizes the use of these subprocessors. Customers may subscribe to subprocessor change notifications by contacting privacy@zavu.dev.

7. Data Subject Requests

Zavu will assist the Controller in fulfilling data subject access requests, including requests for access, rectification, erasure, restriction, portability, and objection. Zavu will notify the Controller promptly upon receiving any request from a data subject.

8. Data Breach Notification

In the event of a personal data breach, Zavu will notify the Controller without undue delay after becoming aware of the breach. The notification will include the nature of the breach, categories and approximate number of data subjects affected, and measures taken to address the breach.

9. International Transfers

Where personal data is transferred outside the European Economic Area, Zavu ensures appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

10. Term and Termination

This DPA remains in effect for the duration of the Services. Upon termination, Zavu will delete or return all personal data as instructed by the Controller, unless retention is required by law.

11. Governing Law

This DPA is governed by the laws of the State of Wyoming, United States, without regard to conflict of law principles.

Contact

For questions about this DPA or data processing, please contact privacy@zavu.dev.

Related Policies

Data Processing Addendum | Zavu