Data Processing Agreement
Last updated: June 2026
1. Roles
For personal data processed through the service, you (the customer) are the data controller and Voltrachat is the data processor. This DPA forms part of our agreement and reflects GDPR Article 28.
2. Processing on instructions
We process personal data only on your documented instructions (including via the product's configuration), and as needed to provide the service or to comply with law.
3. Confidentiality
Personnel authorised to process data are bound by confidentiality obligations.
4. Security
We implement appropriate technical and organisational measures (Article 32): encryption of tokens/secrets at rest, access controls, logging, and isolation between customers.
5. Sub-processors
You authorise us to engage sub-processors (e.g. hosting, payments, AI providers) under written terms no less protective than this DPA. We maintain a current list and inform you of intended changes; we remain fully liable for their performance.
6. Data-subject rights
We assist you, as far as possible, in responding to requests from data subjects (access, rectification, erasure, portability, objection), including export and deletion tools in the product.
7. Personal-data breach
We notify you without undue delay after becoming aware of a personal-data breach affecting your data, with the information you need to meet your own obligations.
8. Deletion or return
On termination, at your choice, we delete or return all personal data and delete existing copies, unless law requires retention.
9. Audits
We make available the information needed to demonstrate compliance and contribute to reasonable audits.
10. International transfers
Where data is transferred across borders, we rely on appropriate safeguards (such as standard contractual clauses).