Roles
- Customer: Data Controller
- Codivox: Data Processor (unless otherwise agreed in writing)
Processing Details
- Purpose: Provide software development and related services
- Categories of data: Typically customer user data, account data, logs, and analytics events (as determined by Customer)
- Data subjects: Customer's users, employees, contractors, or end customers
- Duration: For the term of services and as needed for support and retention obligations
Processor Obligations
Codivox will:
- Process data only on documented instructions from Customer
- Ensure confidentiality for personnel with access
- Implement appropriate security measures
- Assist Customer with reasonable requests related to data subject rights
- Notify Customer of a personal data breach without undue delay (once confirmed)
- Delete or return personal data at end of services where feasible (subject to legal obligations)
Security Measures (Summary)
We maintain reasonable safeguards such as:
- Access controls and least privilege
- Secure development practices
- Environment separation where applicable
- Encryption in transit (and at rest where supported by infrastructure)
- Logging and monitoring (as appropriate)
Sub-processors
Codivox may use sub-processors (for example, hosting, analytics, and email). We ensure sub-processors are bound by appropriate obligations.
Sub-processor list is available upon request at hello [at] codivox [dot] com.
International Transfers
Where required, we use appropriate safeguards such as Standard Contractual Clauses.
Audit and Documentation
Upon reasonable notice, Codivox will provide information necessary to demonstrate compliance with this DPA, subject to confidentiality and security constraints.
Contact
For DPA questions: hello [at] codivox [dot] com